Resubmissions
25-09-2024 13:50
240925-q5agjaydkn 10General
-
Target
Repair.exe
-
Size
75.7MB
-
Sample
240925-q5agjaydkn
-
MD5
02a244790c675d87239a32f87e104a1c
-
SHA1
b19f980e442c44cc93a6ef80ab6f0d249b71a9b3
-
SHA256
8d18d543ab6b64a1366ff9cd8d6f74a699ee0852af2d09eed457d65db0f4ee46
-
SHA512
3da314fe9d8b5dc2ea7709184e2915d7564ed02bc1385aaaf90b5f8cf826727b74014bd3af43b059d6aaa39e3c352cc0a8c326f290adcd117e11ee56a2cccaa1
-
SSDEEP
1572864:dvhQ6lUWeKWSk8IpG7V+VPhqIUE7WTylPj4iY4MHHLeqPNLtDaCC1UZp4LE:dvh1mlKWSkB05awIATy5nMHVLtelU4LE
Malware Config
Targets
-
-
Target
Repair.exe
-
Size
75.7MB
-
MD5
02a244790c675d87239a32f87e104a1c
-
SHA1
b19f980e442c44cc93a6ef80ab6f0d249b71a9b3
-
SHA256
8d18d543ab6b64a1366ff9cd8d6f74a699ee0852af2d09eed457d65db0f4ee46
-
SHA512
3da314fe9d8b5dc2ea7709184e2915d7564ed02bc1385aaaf90b5f8cf826727b74014bd3af43b059d6aaa39e3c352cc0a8c326f290adcd117e11ee56a2cccaa1
-
SSDEEP
1572864:dvhQ6lUWeKWSk8IpG7V+VPhqIUE7WTylPj4iY4MHHLeqPNLtDaCC1UZp4LE:dvh1mlKWSkB05awIATy5nMHVLtelU4LE
Score9/10-
Enumerates VirtualBox DLL files
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
-
-
Target
discord_token_grabber.pyc
-
Size
8KB
-
MD5
849e6942b15c2008c7641432902645f5
-
SHA1
60942191e1ab3c6d3edf697b57d09c1620c51710
-
SHA256
fa4ec025ef2d20b6ebd19803e7131f6b540a7ba14d6769bfd62c37fb875a134b
-
SHA512
0e6611f100ea22b2d5d5632cd099f87d57696b73bb9c9d10dde98477b2bb1ff927816b54ee005e07df49d6897f36ad3d858ac142ae082d25800f07597f67248a
-
SSDEEP
192:ESB7osP1MJaugQXaafNqaclHJLOq3ZJFD/b8xjJzdJv:TP1iavQTqacyq35D0Fnv
Score3/10 -
-
-
Target
get_cookies.pyc
-
Size
5KB
-
MD5
2754e3152f668e31fccca7b6f275716b
-
SHA1
e9ed74d679a96372c4457e72bc6639a4d96a2378
-
SHA256
f7e8a57b54489b5b3de66a1d21534ced3d2a2fb1ce8d03c69d4672e62aa00dca
-
SHA512
a8331f1c179ed97e6f3821cd41953a5ef8a0b63b6d39022cd3f7980494eff8f00b4367301509014e83c410ed4a6db8e4441f8f3547b682aca250bc4fa29f0f47
-
SSDEEP
96:STUBj1Mvk80VDdybA6HUicwKD7dxWeBJKZLpMglcTK94:wsSl0fQfUpwKfhijMgGW94
Score3/10 -
-
-
Target
misc.pyc
-
Size
2KB
-
MD5
bcb404423ac51f798753e8d11e401071
-
SHA1
9080018dae3aa157e3a97904c86af06d4a0a6873
-
SHA256
572b18ccb1838f23714fae1c8cbb399a08796b1eb846960d5463d40ee784fe5a
-
SHA512
25a2997cff19308956086ae4e464f5039e53149043f094f2a65dae4dfa78b6410650a3c4d1514511f23c6bf77228772fa7b8a3cf5119e4ed46edb65ac40ff800
Score3/10 -
-
-
Target
passwords_grabber.pyc
-
Size
4KB
-
MD5
8b9cbd29c3dfec519a4313b1b7a0069b
-
SHA1
5efb073593bc8908a7514dad78673c9d65344a6f
-
SHA256
589d438226abfec8f71ab7724c68011303f82febb6786fd0c57571b0769764f3
-
SHA512
c0099bcf2d23dd405b2e02e1fd1b946195015eabb1cbd2ce4896f1ab7e5bbc1fbe6600fa529087b5dc295c13219fb6bc1a6ac97efa4c0fc74901f70278c09bfd
-
SSDEEP
96:2APDnTWeYwDTgWxiX79GzTOjYUyWkUUNPIslLClDWJpR6Yn:TzCUDxiLATmeEUNP/lL3JpsYn
Score3/10 -
-
-
Target
source_prepared.pyc
-
Size
65KB
-
MD5
0d087269cc5d82f6f1ff460fb6997a60
-
SHA1
7fe02f19d6c1ff1bf17ba487d2bf18eb667f6990
-
SHA256
12f1a387f7224e7630076493fc8db9bd3d07c69f9c154d9d4321c817aa16cf98
-
SHA512
3cf7c5292b8d72470e427822f85da3560b0c7dcceebf86b077d769c8b915e5fb1c45bcf35cf4e605a14aa76fefea3d82e3222807ec42cf1e9452f4e00c221b64
-
SSDEEP
1536:20xgVgJPkBBj1uYCFjUIOihdBsoGwjRQ5J:Fg2FkBkFwIOCsoD2
Score3/10 -
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Modify Registry
1Virtualization/Sandbox Evasion
1