Overview (score 10)
Static (score 10)
source_prepared.exe on windows7-x64: score 7
source_prepared.exe on windows10-2004-x64: score 9
discord_to...er.pyc on windows7-x64: score 3
discord_to...er.pyc on windows10-2004-x64: score 3
get_cookies.pyc on windows7-x64: score 3
get_cookies.pyc on windows10-2004-x64: score 3
misc.pyc on windows7-x64: score 3
misc.pyc on windows10-2004-x64: score 3
passwords_grabber.pyc on windows7-x64: score 3
passwords_grabber.pyc on windows10-2004-x64: score 3
source_prepared.pyc on windows7-x64: score 3
source_prepared.pyc on windows10-2004-x64: score 3
General
Target: source_prepared.exe
Size: 77.6MB
Sample: 240930-y7jrzsxfmh
MD5: b13194cd15729b6eee0b35f175c2591f
SHA1: ce44a71b5a27fb53ed412c0cd97eb589682231f8
SHA256: fe357d72f46022e1efc8c8a88437bb4fb9fbf81830997db48d6f7a869985e606
SHA512: b3903c5f4e62bd6ef6a40dd9ad91bc0b49dac224abc03eb0524f961082a5a610bce9f3a0fe28279b3626b9ed038aff36e4f359c973ebde9e75946e566ad562e3
SSDEEP: 1572864:hIvHcRl3WwmSk8IpG7V+VPhqYdfzE7tlhTgiYweyJulZUdg1hKrRdETV37U:evHcR5RmSkB05awcf2LVpuxhKrD4o
Behavioral tasks
behavioral1: sample source_prepared.exe, resource win7-20240903-en
behavioral2: sample source_prepared.exe, resource win10v2004-20240802-en
behavioral3: sample discord_token_grabber.pyc, resource win7-20240903-en
behavioral4: sample discord_token_grabber.pyc, resource win10v2004-20240802-en
behavioral5: sample get_cookies.pyc, resource win7-20240708-en
behavioral6: sample get_cookies.pyc, resource win10v2004-20240802-en
behavioral7: sample misc.pyc, resource win7-20240903-en
behavioral8: sample misc.pyc, resource win10v2004-20240802-en
behavioral9: sample passwords_grabber.pyc, resource win7-20240903-en
behavioral10: sample passwords_grabber.pyc, resource win10v2004-20240802-en
behavioral11: sample source_prepared.pyc, resource win7-20240704-en
behavioral12: sample source_prepared.pyc, resource win10v2004-20240802-en
Malware Config
Targets
Target: source_prepared.exe
Size: 77.6MB
MD5: b13194cd15729b6eee0b35f175c2591f
SHA1: ce44a71b5a27fb53ed412c0cd97eb589682231f8
SHA256: fe357d72f46022e1efc8c8a88437bb4fb9fbf81830997db48d6f7a869985e606
SHA512: b3903c5f4e62bd6ef6a40dd9ad91bc0b49dac224abc03eb0524f961082a5a610bce9f3a0fe28279b3626b9ed038aff36e4f359c973ebde9e75946e566ad562e3
SSDEEP: 1572864:hIvHcRl3WwmSk8IpG7V+VPhqYdfzE7tlhTgiYweyJulZUdg1hKrRdETV37U:evHcR5RmSkB05awcf2LVpuxhKrD4o
Score: 9/10
Signatures:
- Enumerates VirtualBox DLL files
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
Target: discord_token_grabber.pyc
Size: 15KB
MD5: a7684f2f409990743d310cd7ec306ddc
SHA1: 0949beaa2fc2dbd56e9ac2c111910c8471cb420a
SHA256: be495ca4cc94405470e197a0dbeda88efa08dcc970c7ad3674b571515ad93b3f
SHA512: fcfebe9c955e7754042bc68056a973e6557929731af19bb28c95491a91909cb77e853a7b6aad03bff4f2c565df7a7804183cf531c72fe25b738f53b1b2ac2351
SSDEEP: 384:nGC7RYmnXavkGP3ltcrhntQ5saa2holHVA:nGCuvkoltcrttQ5saaCgHVA
Score: 3/10
Target: get_cookies.pyc
Size: 9KB
MD5: 35694b536dc0c47d0553ae39c50bb446
SHA1: e33bd8932fde60b2b0882541f4e9cfbae79c842c
SHA256: 792f864f45d9d7902a9def274d83395b0f0e956dbbdfe55bf5b6ff982decccdd
SHA512: fd6ff8f6376d6c3e0f1629fa17c26e905e2eb21fc345c5c53208f327bd0ddeb4046769742a4ed3d8040db604df8622e8e1d1372d80aa3c712b8f5f4be5413a93
SSDEEP: 192:lNal3eiNis9QfUF2x3NC79F211G67+EtAhN:lJiB2XtF7jKkAhN
Score: 3/10
Target: misc.pyc
Size: 4KB
MD5: 6d495b44e9fd2e8a2e29cbbd1b0be969
SHA1: a4835f4b9cbcc40067336750b7cdabee39c942f6
SHA256: 2e05a5f62cb667213f1d6d3c892f1fe9caf4680b4e6403f6fc8e16abfcdd9ce7
SHA512: 0e075cefec03031069ca3586bab20bd1557aa073f3bc03a5e850e6b1fef02f7ba2f659d02369902b0fbab1d56b8e9de3cdca72afd63036569075fb7281c32e25
SSDEEP: 96:XSMlhlvyz7DweHPF8+VB7sHIZGQSWfvmyyZ1k9qHub:iolvyzgevq+VBXZGQlvmV1kkHub
Score: 3/10
Target: passwords_grabber.pyc
Size: 7KB
MD5: 9e6db476a4508dbecc9be6d3fded1844
SHA1: 744090e98eab78bdaf662be63870e3db481cbb01
SHA256: 3fc08fad501f41bc1609acc74caafc253dc3d3d3215ba19486db8300339ebae9
SHA512: cecc7960b7f777caf9d1e976ed6373e60d79979980f2755daca46930bfc719862643a1391fd72c9b173a92e36d99be0d60320570b21bf9918bb127366f81cbaa
SSDEEP: 192:A114qWLfhuUIxDPK2cxDJb+XUhitovgEuz:64qWLfMFyVxDAE/4
Score: 3/10
Target: source_prepared.pyc
Size: 167KB
MD5: b832b5a5368c993ffbaae4eba40fe5cb
SHA1: ac0d63f42f59393a1cf91d5cab94246bdf47c2a2
SHA256: 1510cfdf3dcdd71d95db482e3c8d994707f830a4e424ea6a76e25a65bce32e5d
SHA512: e1bbf9938f979066682eed3cae209354fc61fd1959d07329bf129400ccc9242ec1f4f795b7bf0627040eeabaa8a1f0985a1a55a66137a175ecad8f4f96ccec00
SSDEEP: 3072:AeiQuaOO22gSMS4vojPZTw0IYScR0Sf9IvdXzpqsTW0:5uaOO22gScvo7If80SfNsn
Score: 3/10
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
Defense Evasion
- Hide Artifacts (2)
  - Hidden Files and Directories (2)
- Modify Registry (1)
- Virtualization/Sandbox Evasion (1)