Overview

overview

10

Static

static

10

Stix+Cracked+Paid.exe

windows7-x64

7

Stix+Cracked+Paid.exe

windows10-2004-x64

9

discord_to...er.pyc

windows7-x64

3

discord_to...er.pyc

windows10-2004-x64

3

get_cookies.pyc

windows7-x64

3

get_cookies.pyc

windows10-2004-x64

3

misc.pyc

windows7-x64

3

misc.pyc

windows10-2004-x64

3

passwords_grabber.pyc

windows7-x64

3

passwords_grabber.pyc

windows10-2004-x64

3

source_prepared.pyc

windows7-x64

3

source_prepared.pyc

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Stix+Cracked+Paid.exe

  • Size

    76.8MB

  • Sample

    240831-jkg8basfpf

  • MD5

    91e62d208a08ce20631891ae629f11c3

  • SHA1

    aecb6b0c95d4452643aa0d9985765908648b802e

  • SHA256

    f46d883cd970fecf0c090346c143a2f7dd6284298aa1c3276deb39d9c5a5cbe2

  • SHA512

    c5a170bc404fc4dd9aadb0dc1f3b34d2a0af47c818f8da4c20217a6f19b546f25aa5180fcf663f714abe4b7f471c6ad6b28a1e06a18440a4106bb4d92a6e543d

  • SSDEEP

    1572864:VvHcRlKWah7vXSk8IpG7V+VPhqYdfME7tlHegiYweyJulZUdghh5wJ9TV3X5mt:VvHcRYvhTSkB05awcfLdMpuFh5yZmt

Score
10/10
pysilondiscoveryevasionexecutionpersistencepyinstallerupx

Malware Config

Targets

    • Target

      Stix+Cracked+Paid.exe

    • Size

      76.8MB

    • MD5

      91e62d208a08ce20631891ae629f11c3

    • SHA1

      aecb6b0c95d4452643aa0d9985765908648b802e

    • SHA256

      f46d883cd970fecf0c090346c143a2f7dd6284298aa1c3276deb39d9c5a5cbe2

    • SHA512

      c5a170bc404fc4dd9aadb0dc1f3b34d2a0af47c818f8da4c20217a6f19b546f25aa5180fcf663f714abe4b7f471c6ad6b28a1e06a18440a4106bb4d92a6e543d

    • SSDEEP

      1572864:VvHcRlKWah7vXSk8IpG7V+VPhqYdfME7tlHegiYweyJulZUdghh5wJ9TV3X5mt:VvHcRYvhTSkB05awcfLdMpuFh5yZmt

    Score
    9/10
    upxevasionexecutionpersistence

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

    • Target

      discord_token_grabber.pyc

    • Size

      15KB

    • MD5

      16f2b80da414ac277d07e2b718044a58

    • SHA1

      00d19abda42f8d2cd2107e028980ad8060256c2e

    • SHA256

      1a4f8d45bd480a69afd85e32b5338e5e1d0465022a45cd0b885bb2d67ef60ee2

    • SHA512

      9d0886cfb43f645522ad4b95758dc04df043e5e48a586b1deca0b26f0128ba8e983870d5cd74b9db00f25a0cc09b1850ea97a32048208d94fbdf85a2c8980cac

    • SSDEEP

      384:YGC7RYmnXavEGP3ltcrhntQ5s6a2holHVA:YGCuvEoltcrttQ5s6aCgHVA

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      get_cookies.pyc

    • Size

      9KB

    • MD5

      a12cc942c6a47419199f4b8d1a7a7610

    • SHA1

      b4b768ca3b4a69defbc3e7d3e0f9c6df838f88a2

    • SHA256

      de06ce32e8f7524238899d0478dfaf2c1530f1444ba1d61ff074a35e6ade4a0c

    • SHA512

      1c6c19e937e2e9517bcdf44927356de6bd5a850a920eb5c82e0885755ce245830e92b7fe2f15dfd4c02237bc5dd4b6f09c22fd68cb70fd9d15605eda620a4753

    • SSDEEP

      192:kNal3eiNis9QfUF2x3NC79F211G6qEtAhN:kJiB2XtF7jqkAhN

    Score
    3/10
    discovery
    behavioral5behavioral6

    • Target

      misc.pyc

    • Size

      4KB

    • MD5

      3af0657bf4d2cdcd8e84aeee71be06f7

    • SHA1

      bd28a025931e96da24c9818e1a1648d2ce7f5212

    • SHA256

      83bbb656424fab009b612232bab4970a8bd49c944285975babb3de8f99db9da6

    • SHA512

      a402b759e427ed78e55650b9188772916787a1734f5dd5a5782d98228c7c9da11057627bcad29aa94139a9c20b1c4ca2e8c92983b38384245855f6da3369dace

    • SSDEEP

      96:ySMlhlvyz7DweHPF8+VB7sHIZGQSWfvmyyZ1k9qHub:Lolvyzgevq+VBXZGQlvmV1kkHub

    Score
    3/10
    discovery
    behavioral7behavioral8

    • Target

      passwords_grabber.pyc

    • Size

      7KB

    • MD5

      91bebfc811f4706852fc415d7b2cc836

    • SHA1

      26a7645c5b2590a29bb403cb7be00c3ad5e575b3

    • SHA256

      fb77fa8b2407db4127a67e37188e0d722c981280b605f6173d737f39e3582dce

    • SHA512

      1e5ad7a82f60df0d8bc048ff31ca716cc93d1e167ef9f53e916a608b5a7709f884b657854848a9b6e586f994c010f00dba55c9c76f864b93594ff2ce9fddbadd

    • SSDEEP

      192:h114qWLfhuUIxDPK2cxDJb+XUhitovgEuz:V4qWLfMFyVxDAE/4

    Score
    3/10
    discovery
    behavioral10behavioral9

    • Target

      source_prepared.pyc

    • Size

      172KB

    • MD5

      b2e70f5e64b5d70b0744ad35171b72dd

    • SHA1

      99b28c31500d73c6fe01862eca34bd155c46d2e4

    • SHA256

      b3b4a899efbb5e03e937e28697a928a371d76b9e0cfc1a0e58eb88ac0ceb63dd

    • SHA512

      23d42193717ad4502b2afe13023f371b33dec6e70f17a0909466a3170bc390e6c3d295179ed37f1ac777ecbca50c8a8fae5b7600a57226a45875b86478043086

    • SSDEEP

      3072:CFfxyD0aOO2IC1VSTro4PZTw0I1ScQaQV+COOIvdXze0sTWn:C2D0aOO2ICarooIoRECWsM

    Score
    3/10
    discovery
    behavioral11behavioral12

MITRE ATT&CK Enterprise v15

Tasks