General
-
Target
Celex Cracked Credits Runtz.zip
-
Size
76.2MB
-
Sample
240903-2me5vazhke
-
MD5
0219d0d9b1cf092f7ed15b7737c1ad16
-
SHA1
3d6ae3312656815fb4a42289c552cd311d30c5b9
-
SHA256
b5549b15a70bd190fd658ce5e11c97fe54075bbb06f4ec5c393c3aa8cf2aaed3
-
SHA512
6a2fbb98064380516b66f9a7e9654fc7a4183242527282dd55d08c92670f7444219ec4c6c7e560f88ff1e4c2ca1fdcbb5f660a63d07eb5c71d11dfb3bc53e7c7
-
SSDEEP
1572864:8GcnmEHI8I8KPv+FDq/Jn9DPbUNqmnrgtB2/EY8QhIjK5mMr6JNX7xi:8GcHqPgoJnxGgtBCECHj6vXVi
Malware Config
Targets
-
-
Target
Celex Cracked Credits Runtz/CelexCracked By Runtz.exe
-
Size
76.5MB
-
MD5
c32e966fc462555c5d1eaf1aeb30dbfc
-
SHA1
ff1b7bf4d4d29fd00b8d1087b39ecd0edf63e11c
-
SHA256
69c81c3157acf3147df7a3aef82432dfc76d24ca7aafe2c34a24bb4bb196ab02
-
SHA512
bde9dc630cb75c30161e377c42c56ea11404aec30f468d27924141f1fc85ebd2a7402efe72d3b729dc3379dc4ec47d42c22866fdb56fd1e35533e5dc7e1329a4
-
SSDEEP
1572864:pvhQ6l1WF7vDSk8IpG7V+VPhqS0E7WTylPDDiY4MHHLeqPNLtD6qIZ0Awf:pvh1vKPSkB05awSgTy5IMHVLt+3Nwf
Score9/10-
Enumerates VirtualBox DLL files
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2
-
-
-
Target
discord_token_grabber.pyc
-
Size
8KB
-
MD5
849e6942b15c2008c7641432902645f5
-
SHA1
60942191e1ab3c6d3edf697b57d09c1620c51710
-
SHA256
fa4ec025ef2d20b6ebd19803e7131f6b540a7ba14d6769bfd62c37fb875a134b
-
SHA512
0e6611f100ea22b2d5d5632cd099f87d57696b73bb9c9d10dde98477b2bb1ff927816b54ee005e07df49d6897f36ad3d858ac142ae082d25800f07597f67248a
-
SSDEEP
192:ESB7osP1MJaugQXaafNqaclHJLOq3ZJFD/b8xjJzdJv:TP1iavQTqacyq35D0Fnv
Score3/10 -
-
-
Target
get_cookies.pyc
-
Size
5KB
-
MD5
2754e3152f668e31fccca7b6f275716b
-
SHA1
e9ed74d679a96372c4457e72bc6639a4d96a2378
-
SHA256
f7e8a57b54489b5b3de66a1d21534ced3d2a2fb1ce8d03c69d4672e62aa00dca
-
SHA512
a8331f1c179ed97e6f3821cd41953a5ef8a0b63b6d39022cd3f7980494eff8f00b4367301509014e83c410ed4a6db8e4441f8f3547b682aca250bc4fa29f0f47
-
SSDEEP
96:STUBj1Mvk80VDdybA6HUicwKD7dxWeBJKZLpMglcTK94:wsSl0fQfUpwKfhijMgGW94
Score3/10 -
-
-
Target
misc.pyc
-
Size
2KB
-
MD5
bcb404423ac51f798753e8d11e401071
-
SHA1
9080018dae3aa157e3a97904c86af06d4a0a6873
-
SHA256
572b18ccb1838f23714fae1c8cbb399a08796b1eb846960d5463d40ee784fe5a
-
SHA512
25a2997cff19308956086ae4e464f5039e53149043f094f2a65dae4dfa78b6410650a3c4d1514511f23c6bf77228772fa7b8a3cf5119e4ed46edb65ac40ff800
Score3/10 -
-
-
Target
passwords_grabber.pyc
-
Size
4KB
-
MD5
8b9cbd29c3dfec519a4313b1b7a0069b
-
SHA1
5efb073593bc8908a7514dad78673c9d65344a6f
-
SHA256
589d438226abfec8f71ab7724c68011303f82febb6786fd0c57571b0769764f3
-
SHA512
c0099bcf2d23dd405b2e02e1fd1b946195015eabb1cbd2ce4896f1ab7e5bbc1fbe6600fa529087b5dc295c13219fb6bc1a6ac97efa4c0fc74901f70278c09bfd
-
SSDEEP
96:2APDnTWeYwDTgWxiX79GzTOjYUyWkUUNPIslLClDWJpR6Yn:TzCUDxiLATmeEUNP/lL3JpsYn
Score3/10 -
-
-
Target
source_prepared.pyc
-
Size
65KB
-
MD5
e50da1d9f98c091dd1790d5554792953
-
SHA1
1aaaeafd603289f2a16771ef08cb913034c19f74
-
SHA256
197975788127b019c6e8a6b13a2e2d57d6478e921d350af557abdfb239a69ad3
-
SHA512
33f0188e619d9b7818b14e41931b347ffe10b2febd17a02698a13af733c0ef86e90f4f47a8a81f52c3a40553d3f09945ea9cf5c57561aa6d39f05ae903a71f94
-
SSDEEP
1536:20jFQgVgJPkBBj1uYCFjUIOihdBsoGwjRQ5J:ag2FkBkFwIOCsoD2
Score3/10 -
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Modify Registry
1Virtualization/Sandbox Evasion
1