Overview
overview
10Static
static
10LemonPlatformer.exe
windows7-x64
7LemonPlatformer.exe
windows10-2004-x64
9discord_to...er.pyc
windows7-x64
3discord_to...er.pyc
windows10-2004-x64
3get_cookies.pyc
windows7-x64
3get_cookies.pyc
windows10-2004-x64
3misc.pyc
windows7-x64
3misc.pyc
windows10-2004-x64
3passwords_grabber.pyc
windows7-x64
3passwords_grabber.pyc
windows10-2004-x64
3source_prepared.pyc
windows7-x64
3source_prepared.pyc
windows10-2004-x64
3General
-
Target
LemonPlatformer.exe
-
Size
80.3MB
-
Sample
240915-fyq6laxcmd
-
MD5
707acc21bf0fffca8a809ef3b075e8f0
-
SHA1
aff80e0204195268036ba0f37a5c7e43567c4751
-
SHA256
d8b10900756b45891227336cff7bfb50860615f50a5f2a9a9295aff4b67b9784
-
SHA512
820a1e0cfe28b1ff01e870a6c5119c4b1aab493fad9434c721fed1ab02c2f7bc8f79a9d24899d92e4a00d5ade59435adfdab15ab0e08b3227d84f0cd597ac2ff
-
SSDEEP
1572864:CXAcQglVWsZSk8IpG7V+VPhqfJE7VvlgoeiYgj+h58sMwRfZRK:CXAc5HhZSkB05awfWeoA59
Behavioral task
behavioral1
Sample
LemonPlatformer.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
LemonPlatformer.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
discord_token_grabber.pyc
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
discord_token_grabber.pyc
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
get_cookies.pyc
Resource
win7-20240704-en
Behavioral task
behavioral6
Sample
get_cookies.pyc
Resource
win10v2004-20240802-en
Behavioral task
behavioral7
Sample
misc.pyc
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
misc.pyc
Resource
win10v2004-20240802-en
Behavioral task
behavioral9
Sample
passwords_grabber.pyc
Resource
win7-20240704-en
Behavioral task
behavioral10
Sample
passwords_grabber.pyc
Resource
win10v2004-20240802-en
Behavioral task
behavioral11
Sample
source_prepared.pyc
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
source_prepared.pyc
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
LemonPlatformer.exe
-
Size
80.3MB
-
MD5
707acc21bf0fffca8a809ef3b075e8f0
-
SHA1
aff80e0204195268036ba0f37a5c7e43567c4751
-
SHA256
d8b10900756b45891227336cff7bfb50860615f50a5f2a9a9295aff4b67b9784
-
SHA512
820a1e0cfe28b1ff01e870a6c5119c4b1aab493fad9434c721fed1ab02c2f7bc8f79a9d24899d92e4a00d5ade59435adfdab15ab0e08b3227d84f0cd597ac2ff
-
SSDEEP
1572864:CXAcQglVWsZSk8IpG7V+VPhqfJE7VvlgoeiYgj+h58sMwRfZRK:CXAc5HhZSkB05awfWeoA59
Score9/10-
Enumerates VirtualBox DLL files
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
-
-
Target
discord_token_grabber.pyc
-
Size
17KB
-
MD5
db40ce247b464d3ac0d15080f22ce442
-
SHA1
eb10f081e16c9566f1b487d39eda3fb8fa4b0de5
-
SHA256
74475975b9fc2e15a1432b8e4930b6a8a25dd63511bbc2628ae81483dd569046
-
SHA512
c614c93d3ad758bfe1155864328626b98900e95e06c504641f0286ee40e4e0e24eb4d83b06af576e7799d517aae8404f5c9acdc64315c594319c29e13a77b81e
-
SSDEEP
384:cGllyAavwW9FaOx817PPQviowoYbCj+MoGWTd0Da8:cIlytvN9oOx8JnQ6owoYOyMImDa8
Score3/10 -
-
-
Target
get_cookies.pyc
-
Size
10KB
-
MD5
ddc40a1cee51500039f5c98ef7b1d3c9
-
SHA1
1e65cf0d7acb74e429844d2ee5b2d39369d17750
-
SHA256
1201adef44d0ba8be86b7d4aa4e8f69f1f8f800522fa574291974a3b40250436
-
SHA512
c9a89f5fe6ef87d7d8ce63a59f87fd5684d91e5dccfda644d84a40d5316b85b9930e90f096f13e811f646da724bc267ac853c15e451a6888083d5ab0572f27db
-
SSDEEP
192:TzOCIeivQfUFPLqwOEVOFc1mNe47+S5zEzzzzz1zz+HoowAE:TzOUi4aFEe4KSPIAE
Score3/10 -
-
-
Target
misc.pyc
-
Size
5KB
-
MD5
fccbf8762a2d6e382b044d73c9969fbc
-
SHA1
9530b874a2fb37cef0bdbc13775d64400c6158b4
-
SHA256
bdadc8d5f54a135e4cad6dd398023cc5a8053619489b38d4b22e104215572f89
-
SHA512
359b92919a585e4191bceb029e05c9af95816fc023fd5d566d4a5d9fc88b216cace2fe54dacff65decb68d9ad724386467f367a4fadc68b648a44f5b14f84d20
-
SSDEEP
96:DSajAihmJG4n3B4SmSSSSlSSSShDwegPbbVxlj0oIHEDS5ejmw01k9Bddpq:eYAfn3ySmSSSSlSSSSeeOPVxx0oIHZeQ
Score3/10 -
-
-
Target
passwords_grabber.pyc
-
Size
8KB
-
MD5
1ca5633be35a5db415bc83be9852bf0e
-
SHA1
710a4da76579449bb0b45eecedd42aea82ba6b35
-
SHA256
07a93aa41dbdcd8962b2ad1fcbd7c1bf661130c1cf050a5a4ef6821d30893099
-
SHA512
9ac14821d21d9c7345b6cf51d9e1c31f908590fadca061ed4f5c50ea7cd28c92b169aa7985873876989e7108946090695a4c782d8251f5061d27cea7c2f35ccb
-
SSDEEP
192:+CE34EAL/GFf/PoXdLO23NsDmqFUhkxNivLI9dRvL:Y4EAL/AfsFO8NsxuOxNn
Score3/10 -
-
-
Target
source_prepared.pyc
-
Size
186KB
-
MD5
e6931dff7679d0ea5b65e86d3494a588
-
SHA1
4751ddb5b4d5202c488f7099a54a745e2c371744
-
SHA256
bd796383ee00fd15f26de99d323e6d722f9bd469b687edee45027d7285e6ad0a
-
SHA512
7e03d4f59a08daad35d40a1d052a2a172e8f69aecf3ed4619178e89ae18a4c3c56ce8bdaf9f3e6e82a987624d94beaecb175ca37a41ef847c6fd700df9b6ee71
-
SSDEEP
3072:c8HYL7fo6A9MpceaoFJVqvpuSIVMZJj7qgRcrcGC8n0:cv/foLyaoFTquSImZJj7qgRcrBCp
Score3/10 -
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Modify Registry
1Virtualization/Sandbox Evasion
1