9c32f86e6dec3a31137bbb5f693a7f1fce28b73006980829bf8b4c9c6cb36ec0

General

Target

Starwolf_beta_w_discord.zip
Size

133.9MB
Sample

240903-ybxc7swdpf
MD5

37da071ee019a8167b3af7d1f8726dcc
SHA1

32785cd0a03c8678cec6ee113bd949450f0c3c71
SHA256

9c32f86e6dec3a31137bbb5f693a7f1fce28b73006980829bf8b4c9c6cb36ec0
SHA512

b0370cf29cd00ae4d9cb8b36df71f5975c42f45d754013040707457bb730b9caea11c375fff0ff161fd12c0bb1c94877f7ea6660e81f440b9797887962dea212
SSDEEP

3145728:QdhaybLvv73tofh2UPO/bTIW/0pWFi0P5KzVIA4dyCU3Z0AJu593Dt:QCELXDtIh2UPO/bpF0GA4UJ3Z0zZ

Score

9^/10

Malware Config

Targets

- Target
  
  Starwolf_beta/DiscordSetup.exe
- Size
  
  109.4MB
- MD5
  
  d36f97bffe90431a08a40aa58f2d59af
- SHA1
  
  c528ea762df5b975b73990ba96bb48c63b5e31a5
- SHA256
  
  26e1ff9fc464497b5860c4133877de7606482f4c14c6be84d52e423fe29b98f0
- SHA512
  
  c188c98064f5f14e3a37d9553c417bcb0015ad33bb386ea6f5220a553e5157e523fce103e79f771152327d404b6901995c119c1acde1b1572b1867798bf9261c
- SSDEEP
  
  3145728:ZfZGAbehL3TlyVDyudsjFNgKhUd0b2Vhncl/VIk3WEx:ZEyehDlQDyudsjFPbltIkGQ
Score

9^/10

credential_access discovery execution persistence spyware stealer
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Drops startup file
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Command and Scripting Interpreter: PowerShell
  Run Powershell to get system information.
  execution
behavioral1
- Target
  
  Starwolf_beta/Starwolf_beta.exe
- Size
  
  68.3MB
- MD5
  
  3ea1c457fe2bd92ffdcbd4b3b46ae0f8
- SHA1
  
  15a02ab314b69160e1573e96a582500d18426f7e
- SHA256
  
  00cf81d3004efd89a47d5edb042969205342d90ea6c7b0f7bc1e4069865e73ff
- SHA512
  
  403c91011968cedc41eec75c16294c0062238b11051cf9f2d461d5866ddea54c81cecf8685f6c59d1c86493e52b66e4d9a05cbde7f34cdda2fc3bd46f47d227c
- SSDEEP
  
  393216:PyT3YGojrsBEnP4XrqSFM+FcrONRtgZJ93AEMQu58EISEhoIaE2FShMzTVA+BDE0:PWeBZ6QxhUDE52O26rsxciz/WyW/ZyVH
Score

9^/10

credential_access discovery execution persistence spyware stealer
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Command and Scripting Interpreter: PowerShell
  Run Powershell to get system information.
  execution
behavioral2