growtopia | aa9976401edd918f45dd444db8bab87e26ec05678f0ff49a1b15c51695238ac0 | Triage

Sharing

General

Target

be088f9cb37894571ffabe46e800b085_JaffaCakes118
Size

14KB
Sample

240824-gw8hjawhpc
MD5

be088f9cb37894571ffabe46e800b085
SHA1

a6cced4ece759fc31c641c08170e195a25c356ae
SHA256

aa9976401edd918f45dd444db8bab87e26ec05678f0ff49a1b15c51695238ac0
SHA512

257ade2f3f03ad27cdfd8e6cf7085d8ab3151f08fee487e22ecdc7f691b861f1dd204bbc04556917a7e6e064187a6336ff1bd10c290093996231bc34f7eb1f02
SSDEEP

384:TpmJRTSf71qz1SdZd5z2/0/R0YEcP7DML7hXnESb:1mJRTSf71qz1SdZd5ie0s6l

Score

10^/10

growtopia discovery stealer

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.gmail.com
Port:
587
Username:
[email protected]
Password:
123456seven

Targets

- Target
  
  be088f9cb37894571ffabe46e800b085_JaffaCakes118
- Size
  
  14KB
- MD5
  
  be088f9cb37894571ffabe46e800b085
- SHA1
  
  a6cced4ece759fc31c641c08170e195a25c356ae
- SHA256
  
  aa9976401edd918f45dd444db8bab87e26ec05678f0ff49a1b15c51695238ac0
- SHA512
  
  257ade2f3f03ad27cdfd8e6cf7085d8ab3151f08fee487e22ecdc7f691b861f1dd204bbc04556917a7e6e064187a6336ff1bd10c290093996231bc34f7eb1f02
- SSDEEP
  
  384:TpmJRTSf71qz1SdZd5z2/0/R0YEcP7DML7hXnESb:1mJRTSf71qz1SdZd5ie0s6l
Score

10^/10

growtopia discovery stealer
- Growtopia
  Growtopa is an opensource modular stealer written in C#.
  stealer growtopia
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

growtopiadiscoverystealer

behavioral2

growtopiadiscoverystealer