Overview

overview

10

Static

static

10

VirtuePrem...er.exe

windows7-x64

7

VirtuePrem...er.exe

windows10-2004-x64

9

discord_to...er.pyc

windows7-x64

3

discord_to...er.pyc

windows10-2004-x64

3

get_cookies.pyc

windows7-x64

3

get_cookies.pyc

windows10-2004-x64

3

misc.pyc

windows7-x64

3

misc.pyc

windows10-2004-x64

3

passwords_grabber.pyc

windows7-x64

3

passwords_grabber.pyc

windows10-2004-x64

3

source_prepared.pyc

windows7-x64

3

source_prepared.pyc

windows10-2004-x64

3

Resubmissions

01/09/2024, 09:17

240901-k9en6awhpm 10

01/09/2024, 09:11

240901-k5y71awhjp 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    VirtuePremiumBoostraper.exe

  • Size

    77.7MB

  • Sample

    240901-k9en6awhpm

  • MD5

    f3f265985734be7acf147ce4b832ec81

  • SHA1

    e33842557a172eef348218c9acef9b0040da2cc4

  • SHA256

    fed7241ec512d8319baab20f09e57a78c912bf9887e90c74bd46e601d3199a5d

  • SHA512

    567648662aac1f5201389890d4445dbf0bf3ef5bf69be58e72b5446d6396271bebf196936d4c4e9b53add0d5eb95163c75870f59970e9e3322589d5bbf83f3b0

  • SSDEEP

    1572864:BvHcRlKWch7vXSk8IpG7V+VPhqYdfME7FFlHFziYweyJulZUdgY3+uTG/Z9Us:BvHcRU7hTSkB05awcfhdCpuU33G9U

Score
10/10
pysilondiscoveryevasionexecutionpersistencepyinstallerupx

Malware Config

Targets

    • Target

      VirtuePremiumBoostraper.exe

    • Size

      77.7MB

    • MD5

      f3f265985734be7acf147ce4b832ec81

    • SHA1

      e33842557a172eef348218c9acef9b0040da2cc4

    • SHA256

      fed7241ec512d8319baab20f09e57a78c912bf9887e90c74bd46e601d3199a5d

    • SHA512

      567648662aac1f5201389890d4445dbf0bf3ef5bf69be58e72b5446d6396271bebf196936d4c4e9b53add0d5eb95163c75870f59970e9e3322589d5bbf83f3b0

    • SSDEEP

      1572864:BvHcRlKWch7vXSk8IpG7V+VPhqYdfME7FFlHFziYweyJulZUdgY3+uTG/Z9Us:BvHcRU7hTSkB05awcfhdCpuU33G9U

    Score
    9/10
    upxevasionexecutionpersistence

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

    • Target

      discord_token_grabber.pyc

    • Size

      15KB

    • MD5

      990bb1210323b8968b180576cf8114d6

    • SHA1

      a4e11d7cdeb37fb32d768085263ff9fd4e51ac0b

    • SHA256

      b4a60b0e4f82707a8c5fb7f3fc0cc78576c7b45217617185ab34a90e2e052208

    • SHA512

      43d1e9db58d160b15d6daf5677f2f63ed8f3fa494a886bf07d229829ffc84af17f9c81f61bdbf23dfa54a1bebafa7e562f805848b64de08bc8cf83fe98a2188a

    • SSDEEP

      384:YGC7RYmnXavkxzG7WltcrhntQ5saa2h12VA:YGCuvk8WltcrttQ5saaCsVA

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      get_cookies.pyc

    • Size

      9KB

    • MD5

      9bdb8627dc166823e7d60603575b689a

    • SHA1

      de56b5f8b3e891ad07760544132bd357f1e62368

    • SHA256

      1078edad1660d103c2135793ea9707e4ef7877fb4be7b87c0e538ed84920212c

    • SHA512

      789d21f744eff44456585fd27cd88a67e26b55ed1a043aa76a4b5e63f7dfad99013ca09b15fabecd041f8d35f8d22502c08efd0bb11d26ca083f02a64eae6d3a

    • SSDEEP

      192:kNal3eiNis9QfUFoxJvm79F211G67+PtAhN:kJiB2lrj7jKlAhN

    Score
    3/10
    discovery
    behavioral5behavioral6

    • Target

      misc.pyc

    • Size

      4KB

    • MD5

      204ee497021e32209ddde0c015b4dc19

    • SHA1

      6aa2c039e6b6fbfb3620d4fe42d115553702146b

    • SHA256

      a8355eef70645468d11a410d1402e0cab31a194e87172b523b1ff3dea5dbb0c2

    • SHA512

      961b15c0efe0478fdf9287e7b3b709233bcd9524be708f426b75dc91eb07ddfc2a2ce4f347d52a3e7402f5307ab755af093d660662fd3c4c465fd41e8d138d12

    • SSDEEP

      96:ySMlhlv6KPDweHPF8+VB7sHIZGhIW0vmyyZ1k93hub:LolvJ0evq+VBXZGh4vmV1kFhub

    Score
    3/10
    discovery
    behavioral7behavioral8

    • Target

      passwords_grabber.pyc

    • Size

      7KB

    • MD5

      bbb6ab7b8230cca0ac46532a612143d0

    • SHA1

      4bf5ebb19c5807cfb4b48191ec65b329d67763cd

    • SHA256

      8655f8885fa28c9633563e0264e65206eae277fb020f85a836be27f0fc3d7ec4

    • SHA512

      21353818de5a2e192bcdb38e0765b675258ae733eb634c1b01fbf53dc22946b0eee127c975be7a63d20a8db2b87521fe0ed85f2ec09dcc2f3adf5a7fea0b180e

    • SSDEEP

      192:h114qWLfhuUIxzOK2cxDJb+XUhetovxEPz:V4qWLfMtzVxDAEW7

    Score
    3/10
    discovery
    behavioral10behavioral9

    • Target

      source_prepared.pyc

    • Size

      173KB

    • MD5

      5854fef788382a52caddd002009a03c6

    • SHA1

      5edeb5aaf856aaa1eeed599f4ca9b5baae20b0c8

    • SHA256

      1f49cdd7991156f112dd68c9d91ef105f0eb94d5437777c27ba978465549f77e

    • SHA512

      c7b761d89453f2db80d81314b859e6bf454de3802169104adae18b57bc74c9d0bddef81204b483ae2d14b3780e337e45ba38282e3d5408b43ef0261a33b9be6f

    • SSDEEP

      3072:+rKhk0aOO22A1VSUkosPZTJ0pZyScWaQV+AcwIvdXzCsTWu:+rek0aOO22ApkoHpL9EAxsP

    Score
    3/10
    discovery
    behavioral11behavioral12

MITRE ATT&CK Enterprise v15

Tasks