Overview
overview
10Static
static
10TT ViewBot...sts.py
windows7-x64
3TT ViewBot...sts.py
windows10-2004-x64
3TT ViewBot...xie.py
windows7-x64
3TT ViewBot...xie.py
windows10-2004-x64
3TT ViewBot...ent.py
windows7-x64
3TT ViewBot...ent.py
windows10-2004-x64
3TT ViewBot...rt.exe
windows7-x64
10TT ViewBot...rt.exe
windows10-2004-x64
10TT ViewBot...tup.py
windows7-x64
3TT ViewBot...tup.py
windows10-2004-x64
3General
-
Target
TT ViewBot v3.7.zip
-
Size
266KB
-
Sample
240827-precws1bkd
-
MD5
e46d36d1360b8457c032b66c6daff409
-
SHA1
bdfc45dc35f9d373e50cb537b87a8f8e5320ca47
-
SHA256
d46fea1913a10aa5cd4d1a7815b44bb93750bc06e2673857a0c314704a518a59
-
SHA512
3d82ea94f04cb8ef973ca41eec465aa6e61710523fd2dab6c993ae25f8ef464f80700047f878452ea790bc57780b94a002425e6b076e3537bca2da1637a6fcb3
-
SSDEEP
6144:k97VDohTUgnNiQeDveFdGnP710V6A2F8f7kE8ISFqRaVZSV5Ve4HPc:k9hDoBUI9ebeFu710VsCQEsFqRVe4vc
Behavioral task
behavioral1
Sample
TT ViewBot v3.7/Data/Lists.py
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
TT ViewBot v3.7/Data/Lists.py
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
TT ViewBot v3.7/Data/ScrapProxie.py
Resource
win7-20240708-en
Behavioral task
behavioral4
Sample
TT ViewBot v3.7/Data/ScrapProxie.py
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
TT ViewBot v3.7/Data/UserAgent.py
Resource
win7-20240704-en
Behavioral task
behavioral6
Sample
TT ViewBot v3.7/Data/UserAgent.py
Resource
win10v2004-20240802-en
Behavioral task
behavioral7
Sample
TT ViewBot v3.7/bot_start.exe
Resource
win7-20240704-en
Behavioral task
behavioral8
Sample
TT ViewBot v3.7/bot_start.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral9
Sample
TT ViewBot v3.7/setup.py
Resource
win7-20240729-en
Behavioral task
behavioral10
Sample
TT ViewBot v3.7/setup.py
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
TT ViewBot v3.7/Data/Lists.py
-
Size
2KB
-
MD5
58b844082767dd40b291276087b6323b
-
SHA1
41748aed3409eeb4be7a8d53b98a81fcfff2323d
-
SHA256
b21702251cf0e88c166088d4e08294b2b0c2f961da8056ac48c735243d554279
-
SHA512
f50268442358d511424d649603ce701cda7bb885cdfe005c8fbcdbde2b47784102b7196438d664ef4c32b5c317ad9e9b8ec7f1ed741d3aef399f378149c61547
Score3/10 -
-
-
Target
TT ViewBot v3.7/Data/ScrapProxie.py
-
Size
8KB
-
MD5
005e6b6cd75e6fd6040731c64494e537
-
SHA1
86f24fc5aad569829e0651bdcd607168c19c58f6
-
SHA256
8fd6afc4c92b8c65eb96a7493e559c83449578fcf178e20d9d126b411eead5e5
-
SHA512
a16848eda731c6e7591b94a7291095a19fca11ecdd2e4b1e55306f28b288bc473f2bad97bb505c0c8fd4d3a7e7227103427ac5aed1bf6bd3b21f6bce3e785931
-
SSDEEP
96:QSGcG6lghWnE559ZlWoxKMk59Vp+pvey9t9c9xsRvRxY1K7DpCgkTli:P659ZwoxKMW9Vp+pmYHexscU9j
Score3/10 -
-
-
Target
TT ViewBot v3.7/Data/UserAgent.py
-
Size
1.0MB
-
MD5
0c9b29e6b8291144a8a1c7b190accbe5
-
SHA1
a5946876fb6de43a28c9b3d3b783c755f74f41f1
-
SHA256
8ec04b593bbf03b344809ebca690dcec7bc082bccd0e28d3b4931b371ab044c9
-
SHA512
cc8ad93051da8b447064d4c3dbaab624b8fa4516874358a1dfe2d52ac03a87f104b6cae8b036c42c87c7d9b1946138d9a0f4f7f5ed2db62b0a771901e1ec5cfe
-
SSDEEP
384:UKxzhaSY5IiEgeBLPxKQheqwF3zdU49rdobwjkH6g6QcOHcoR8AnaREHszt3Y3fO:e
Score3/10 -
-
-
Target
TT ViewBot v3.7/bot_start.exe
-
Size
197KB
-
MD5
9c29f4415a735c3d9ee26ca06385d502
-
SHA1
127b2d6c2e63bf3ff6fb8fb055a272e088fd851d
-
SHA256
c4174541aa2cef599aee7a376e5de3393446f0018a850fcf1c6658da9692bed5
-
SHA512
ac2cf91b4ef1dc72c10d5affa83305aa011b733ffc7ce10b87efe8e91d2a9dda72a52a3806f8a20e6bd02a1873677d74a793d5359c8e235bf64fdd23946927d6
-
SSDEEP
1536:cHc9JW77pHtDEOFYPUh7N9H/sPafochTLZ61tISqS9HwRXBuS7pR72BfLJFBLbbI:ayy9HwSLZ6vTjHwBBybvIJe9
-
PureLog Stealer payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
TT ViewBot v3.7/setup.py
-
Size
941B
-
MD5
eda4ba41910e22351b9181d552cf3b1c
-
SHA1
bf2fa5977b13b6ae80a4a1915d8025f75eca16fd
-
SHA256
1291ef03e04110780a294bb9608358901fb86ea235840fbd49ffe7beeb6c4da4
-
SHA512
1f6bcfd592c408acc45ec680ca78d01f15ed5ff3a7aaa632410923f4b661de671d9a5db6dd14b1695dcad37979b053df2d9d3067be8d5a51687bc583fda89ed2
Score3/10 -
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
2Credentials In Files
1Credentials in Registry
1