Overview

overview

10

Static

static

10

source_prepared.exe

windows7-x64

7

source_prepared.exe

windows10-2004-x64

9

discord_to...er.pyc

windows7-x64

3

discord_to...er.pyc

windows10-2004-x64

3

get_cookies.pyc

windows7-x64

3

get_cookies.pyc

windows10-2004-x64

3

misc.pyc

windows7-x64

3

misc.pyc

windows10-2004-x64

3

passwords_grabber.pyc

windows7-x64

3

passwords_grabber.pyc

windows10-2004-x64

3

source_prepared.pyc

windows7-x64

3

source_prepared.pyc

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    source_prepared.exe

  • Size

    76.9MB

  • Sample

    240911-qynetatekf

  • MD5

    3f1122e94fe58901d311168363af092c

  • SHA1

    9a5005dd2af72df275e4f0403b7d39591bd9da12

  • SHA256

    a18042977bfc8dba3227980376f0b6a3571f44ace4edae965f1c390fc7fd43b6

  • SHA512

    f650e660c0990569bd88fdea5b179370edc95c45fac2fb29718b2b3e5ac726130ce97d50e15b65f83934d9d9d245b96a198a68899cd12adf18cc73d8f60ed6c3

  • SSDEEP

    1572864:evHcRlnWUmSk8IpG7V+VPhqFxE7ulHQBBPiYweyJulZUdg77l3ayZvleH1O3p:evHcRVLmSkB05awFjdQnApuf7l39vgOZ

Score
10/10
pysilondiscoveryevasionexecutionpersistencepyinstallerupx

Malware Config

Targets

    • Target

      source_prepared.exe

    • Size

      76.9MB

    • MD5

      3f1122e94fe58901d311168363af092c

    • SHA1

      9a5005dd2af72df275e4f0403b7d39591bd9da12

    • SHA256

      a18042977bfc8dba3227980376f0b6a3571f44ace4edae965f1c390fc7fd43b6

    • SHA512

      f650e660c0990569bd88fdea5b179370edc95c45fac2fb29718b2b3e5ac726130ce97d50e15b65f83934d9d9d245b96a198a68899cd12adf18cc73d8f60ed6c3

    • SSDEEP

      1572864:evHcRlnWUmSk8IpG7V+VPhqFxE7ulHQBBPiYweyJulZUdg77l3ayZvleH1O3p:evHcRVLmSkB05awFjdQnApuf7l39vgOZ

    Score
    9/10
    upxevasionexecutionpersistence

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

    • Target

      discord_token_grabber.pyc

    • Size

      15KB

    • MD5

      e150466b71e3736a1a4ba5833a2424be

    • SHA1

      ebb501650d520131e4d234a431785dfa191c630e

    • SHA256

      b1b849ab5de18c5cc018f941bc7362eec8d5019ec73fed3ef56a0fb7ae832fe6

    • SHA512

      b656fe2446b9fa5d93a0845412f6714d6af03be7cd0417c56594b1f33cb18e8f0ef57878c45c54176b3577ac9ae840620fff73ef5c4aefcb5615b714815c335a

    • SSDEEP

      384:YGC7RYmnXavkLPJrltcshntQ5saa2holHVA:YGCuvkL9ltcsttQ5saaCgHVA

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      get_cookies.pyc

    • Size

      9KB

    • MD5

      06edc64263be4dbe97e99f510d1cf859

    • SHA1

      f9f4e8fc35ddf244cb215146f5097916bfeaa96e

    • SHA256

      d7444836c6013f4995383b0a76818dbc9cbc5b61965b5940dc4784a1dd333b9b

    • SHA512

      ab2a84b0027413584fb3bc310f18c11c6cabb953a094120295432fbbd8c34b72f2b41176d50a43f8b0dd0c65d2e6b7bb47e755db22fb7f405cd9fb2b42b747cc

    • SSDEEP

      192:kNaBBeiNR9QfUF2x3NC79F21aG67+DAhN:kPiT2XtFcjKDAhN

    Score
    3/10
    discovery
    behavioral5behavioral6

    • Target

      misc.pyc

    • Size

      4KB

    • MD5

      d58911ee31690aea12a3fe4bda5ca9ca

    • SHA1

      a350efff87c56de2dc8edbddc557856d7ea159ea

    • SHA256

      88bd58dcda76c1a090eb08b36d42ee7b807d49d32569d69ebea219c0be7075ca

    • SHA512

      6bd5394c098948c488229fb93c69b979fe049d8e7697d9ae8056fd2054cbe97bc00633802d76c14c80e525f1266e87aecb01cbe1e666f6eb5e3dbb1277b20ff1

    • SSDEEP

      96:ySMlhlvyznDweHPF8+VB7sHIZGQSWfvmyyZ1k9zhub:Lolvyz8evq+VBXZGQlvmV1k5hub

    Score
    3/10
    discovery
    behavioral7behavioral8

    • Target

      passwords_grabber.pyc

    • Size

      7KB

    • MD5

      c38f9b93904c57adc285f1ecc151e8a7

    • SHA1

      d50dde8e63de1c26397a8376535797849a24ec03

    • SHA256

      60fb1d1502b4c1c1b810fce313414d7b107ae6de7d8e303fd22b1b582b5c134d

    • SHA512

      627bab4cfb6696272ee1ca2c216bdd9b1ea322e83f32929ba497fb94cfd948cad1214340de9bfb464dc1bfd3140213fd02ee9b6173e4bf7abab69b5a9dc47eca

    • SSDEEP

      192:h114qWLlhuUIxDPK2cMHJb+XUhitovgEuz:V4qWLlMFyVMHAE/4

    Score
    3/10
    discovery
    behavioral10behavioral9

    • Target

      source_prepared.pyc

    • Size

      172KB

    • MD5

      09a2d626dfc55d781c201bcb82a45e5b

    • SHA1

      fbe3cd4dca64df04695dcf1402bb49bd8f5843b3

    • SHA256

      c6c56689c519def685d93dbbb308fbb4bf88bd8ac8f5c0731752f987d156321a

    • SHA512

      24878a62fc7a1c88c3e0497ce7e885424d074217c9d5b1c0938d8132b76adab01e1938a0614a38eb4c4424284b7d71cb9785a307d2b69206aa551b6b622b9b65

    • SSDEEP

      3072:CFflDC0aOO2rG1DSTMovPZTerUScdQQV+s3iIvdXzpPsTxw:CDC0aOO2rGIMo0j8SsVse

    Score
    3/10
    discovery
    behavioral11behavioral12

MITRE ATT&CK Enterprise v15

Tasks