Overview

overview

10

Static

static

10

SSCOSMETICS.exe

windows7-x64

7

SSCOSMETICS.exe

windows10-2004-x64

9

discord_to...er.pyc

windows7-x64

3

discord_to...er.pyc

windows10-2004-x64

3

get_cookies.pyc

windows7-x64

3

get_cookies.pyc

windows10-2004-x64

3

misc.pyc

windows7-x64

3

misc.pyc

windows10-2004-x64

3

passwords_grabber.pyc

windows7-x64

3

passwords_grabber.pyc

windows10-2004-x64

3

source_prepared.pyc

windows7-x64

3

source_prepared.pyc

windows10-2004-x64

3

Resubmissions

13-09-2024 22:39

240913-2k2aassgrj 10

13-09-2024 22:21

240913-19nj3asgra 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SSCOSMETICS.exe

  • Size

    102.9MB

  • Sample

    240913-19nj3asgra

  • MD5

    a06ccc09faef64a85a921426d9e60f12

  • SHA1

    9a2f19c0730bc8312b4301e9454cccad3107f4e6

  • SHA256

    b2fd41b241aef3c5400bff943206a710c6971e8b80c27cc8504a3a6b8fa7e7db

  • SHA512

    7e6778ff098bdbd7c9f764551c64c89fb652a01a89f540c2fccb4df72a80fcbb04bfda2f57ffee2c20ad86f0c5362bbeec6ae2585fcca4ba43f4f55cf5fef9cb

  • SSDEEP

    3145728:eiWL88S6xjKcBanL2qHO5iVjdqlnGQbRe0zJcBq3gvgO3p:e7HSWNaBHCi651XcBq3G3

Score
10/10
pysilondiscoveryevasionexecutionpersistencepyinstaller

Malware Config

Targets

    • Target

      SSCOSMETICS.exe

    • Size

      102.9MB

    • MD5

      a06ccc09faef64a85a921426d9e60f12

    • SHA1

      9a2f19c0730bc8312b4301e9454cccad3107f4e6

    • SHA256

      b2fd41b241aef3c5400bff943206a710c6971e8b80c27cc8504a3a6b8fa7e7db

    • SHA512

      7e6778ff098bdbd7c9f764551c64c89fb652a01a89f540c2fccb4df72a80fcbb04bfda2f57ffee2c20ad86f0c5362bbeec6ae2585fcca4ba43f4f55cf5fef9cb

    • SSDEEP

      3145728:eiWL88S6xjKcBanL2qHO5iVjdqlnGQbRe0zJcBq3gvgO3p:e7HSWNaBHCi651XcBq3G3

    Score
    9/10
    evasionexecutionpersistence

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

    • Target

      discord_token_grabber.pyc

    • Size

      15KB

    • MD5

      e150466b71e3736a1a4ba5833a2424be

    • SHA1

      ebb501650d520131e4d234a431785dfa191c630e

    • SHA256

      b1b849ab5de18c5cc018f941bc7362eec8d5019ec73fed3ef56a0fb7ae832fe6

    • SHA512

      b656fe2446b9fa5d93a0845412f6714d6af03be7cd0417c56594b1f33cb18e8f0ef57878c45c54176b3577ac9ae840620fff73ef5c4aefcb5615b714815c335a

    • SSDEEP

      384:YGC7RYmnXavkLPJrltcshntQ5saa2holHVA:YGCuvkL9ltcsttQ5saaCgHVA

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      get_cookies.pyc

    • Size

      9KB

    • MD5

      06edc64263be4dbe97e99f510d1cf859

    • SHA1

      f9f4e8fc35ddf244cb215146f5097916bfeaa96e

    • SHA256

      d7444836c6013f4995383b0a76818dbc9cbc5b61965b5940dc4784a1dd333b9b

    • SHA512

      ab2a84b0027413584fb3bc310f18c11c6cabb953a094120295432fbbd8c34b72f2b41176d50a43f8b0dd0c65d2e6b7bb47e755db22fb7f405cd9fb2b42b747cc

    • SSDEEP

      192:kNaBBeiNR9QfUF2x3NC79F21aG67+DAhN:kPiT2XtFcjKDAhN

    Score
    3/10
    discovery
    behavioral5behavioral6

    • Target

      misc.pyc

    • Size

      4KB

    • MD5

      d58911ee31690aea12a3fe4bda5ca9ca

    • SHA1

      a350efff87c56de2dc8edbddc557856d7ea159ea

    • SHA256

      88bd58dcda76c1a090eb08b36d42ee7b807d49d32569d69ebea219c0be7075ca

    • SHA512

      6bd5394c098948c488229fb93c69b979fe049d8e7697d9ae8056fd2054cbe97bc00633802d76c14c80e525f1266e87aecb01cbe1e666f6eb5e3dbb1277b20ff1

    • SSDEEP

      96:ySMlhlvyznDweHPF8+VB7sHIZGQSWfvmyyZ1k9zhub:Lolvyz8evq+VBXZGQlvmV1k5hub

    Score
    3/10
    discovery
    behavioral7behavioral8

    • Target

      passwords_grabber.pyc

    • Size

      7KB

    • MD5

      c38f9b93904c57adc285f1ecc151e8a7

    • SHA1

      d50dde8e63de1c26397a8376535797849a24ec03

    • SHA256

      60fb1d1502b4c1c1b810fce313414d7b107ae6de7d8e303fd22b1b582b5c134d

    • SHA512

      627bab4cfb6696272ee1ca2c216bdd9b1ea322e83f32929ba497fb94cfd948cad1214340de9bfb464dc1bfd3140213fd02ee9b6173e4bf7abab69b5a9dc47eca

    • SSDEEP

      192:h114qWLlhuUIxDPK2cMHJb+XUhitovgEuz:V4qWLlMFyVMHAE/4

    Score
    3/10
    discovery
    behavioral10behavioral9

    • Target

      source_prepared.pyc

    • Size

      172KB

    • MD5

      0ee00268a50339c9b495a5cf77733052

    • SHA1

      04e4a0b6560d3ac72a94485fe5afcc1b156181d2

    • SHA256

      bdd24a5e66c35f82c2f605a2bf80e8256cfc62ca50f7f1ecb86da87b479e760d

    • SHA512

      4272226af479dd2f0ce24bec67c1a0dfdc42241c388ea612e2d129b925f71539b1f75e6b6197a926ed7a3bc30b8d2017c353f0ce88e544ebb9d2b54ddef936dd

    • SSDEEP

      3072:+r5gC0aOO2rG1VST/ovPZTerUScdQQV+C/iIvdXzpbsTxw:+r2C0aOO2rGa/o0j8SCRse

    Score
    3/10
    discovery
    behavioral11behavioral12

MITRE ATT&CK Enterprise v15

Tasks