Overview

overview

10

Static

static

10

netflix co...en.exe

windows7-x64

7

netflix co...en.exe

windows10-2004-x64

9

discord_to...er.pyc

windows7-x64

3

discord_to...er.pyc

windows10-2004-x64

3

get_cookies.pyc

windows7-x64

3

get_cookies.pyc

windows10-2004-x64

3

misc.pyc

windows7-x64

3

misc.pyc

windows10-2004-x64

3

passwords_grabber.pyc

windows7-x64

3

passwords_grabber.pyc

windows10-2004-x64

3

source_prepared.pyc

windows7-x64

3

source_prepared.pyc

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    netflix cookie gen.exe

  • Size

    77.7MB

  • Sample

    241003-ckhqhssgld

  • MD5

    0866725b7eba511b1f89040a7c70e6f7

  • SHA1

    5820d85092f8b2b4b86fdd9a10c7d1d77f170ee1

  • SHA256

    e481ba9c957cab0d3832b2756726920cc8ab48f64e9d906cad11add37f1dd5cb

  • SHA512

    547e8b5417d19d2487db41c25d78e14f57de878c7cd57944a78c99e6a6ddf11f88234a2772dd9a69c868f15b47b87cc9bb6440fcf7a9a355202af7c77fc62b7e

  • SSDEEP

    1572864:YcRlnWwmSk8IpG7V+VPhqFxE7ulhpBBPiYweyJulZUdgD7LVxyyOlPH1O3:YcRVzmSkB05awFjLpnApu/7LVg3tO3

Score
10/10
pysilondiscoveryevasionexecutionpersistencepyinstallerupx

Malware Config

Targets

    • Target

      netflix cookie gen.exe

    • Size

      77.7MB

    • MD5

      0866725b7eba511b1f89040a7c70e6f7

    • SHA1

      5820d85092f8b2b4b86fdd9a10c7d1d77f170ee1

    • SHA256

      e481ba9c957cab0d3832b2756726920cc8ab48f64e9d906cad11add37f1dd5cb

    • SHA512

      547e8b5417d19d2487db41c25d78e14f57de878c7cd57944a78c99e6a6ddf11f88234a2772dd9a69c868f15b47b87cc9bb6440fcf7a9a355202af7c77fc62b7e

    • SSDEEP

      1572864:YcRlnWwmSk8IpG7V+VPhqFxE7ulhpBBPiYweyJulZUdgD7LVxyyOlPH1O3:YcRVzmSkB05awFjLpnApu/7LVg3tO3

    Score
    9/10
    upxevasionexecutionpersistence

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

    • Target

      discord_token_grabber.pyc

    • Size

      15KB

    • MD5

      143e1ca54a6631128428c6bf7515cfd2

    • SHA1

      b560459179c580bb22f5adc24f4b3b5851c4f1ad

    • SHA256

      25cb908eb359f31428c9932d4f98df7f2ee647d3339ea9a7c86ad281b03d8c4f

    • SHA512

      bc94451702fbe45339999569a1b5935ff2f1daebce10188305995364e047bc19582ba7077d4ab6ceb3cf1c5f21438c3b76416a2b45a0284fbd679c029bc51d35

    • SSDEEP

      384:nGC7RYmnXavkLPJrltcshntQ5saa2holHVA:nGCuvkL9ltcsttQ5saaCgHVA

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      get_cookies.pyc

    • Size

      9KB

    • MD5

      32bb8ed84a18f665d03dd5afbc7b65b0

    • SHA1

      a2129ec6568e20c620429d884a13cd4671504a2b

    • SHA256

      7d9fff7c91679c94728b83eeabc34f54201fc9ee6fa6806665b25007ce5b88a6

    • SHA512

      399198dfac2fd7bdea480d93d836c2f194ae9c93d7ee7855537cac44bf7c6e463a8104f7f7380b9f075fdd67bb12027909ce2d3407b5423d2837a96c3c835bc2

    • SSDEEP

      192:lNaBBeiNR9QfUF2x3NC79F21aG67+DAhN:lPiT2XtFcjKDAhN

    Score
    3/10
    discovery
    behavioral5behavioral6

    • Target

      misc.pyc

    • Size

      4KB

    • MD5

      c42e089e863f6e8137098c45fceab40e

    • SHA1

      6518578e7b5f2480492334238b84ad3be5b1380c

    • SHA256

      62c5f58bfd4b9cee38e6b973ed8000eda063488096380acf6ab7264f8c1df76c

    • SHA512

      9e8ccd4383728166faf22c3f10fd471388ef8084c5e000e9fe58241c6ef4b9abd23a29de032a69a332ff41c852fcf786941ccf4ddfac1b4cb28b6251ab4942f5

    • SSDEEP

      96:XSMlhlvyznDweHPF8+VB7sHIZGQSWfvmyyZ1k9zhub:iolvyz8evq+VBXZGQlvmV1k5hub

    Score
    3/10
    discovery
    behavioral7behavioral8

    • Target

      passwords_grabber.pyc

    • Size

      7KB

    • MD5

      d23a91aebc53fb0d013c182fc10a569e

    • SHA1

      2fe4680de0ddafad84c4cf69d5427674ee2f49d9

    • SHA256

      5fd25ed5ea1de4064160ee4559dfba63fe1e4b86fd631c388581ddebfc975b7d

    • SHA512

      97c4aeb2d64469d6d469066bfa24135ad9351f79cbafe5f97ccdbc4e8d759684789f10efe08f50db0d33b8a923b0d9bb6c4ad6d49aadc938472781fd37ca0024

    • SSDEEP

      192:A114qWLlhuUIxDPK2cMHJb+XUhitovgEuz:64qWLlMFyVMHAE/4

    Score
    3/10
    discovery
    behavioral10behavioral9

    • Target

      source_prepared.pyc

    • Size

      172KB

    • MD5

      218b2b99f5f2bad418c77a6bc8434000

    • SHA1

      55a644589eb81bc46b33ca741459f552c1d6d0e3

    • SHA256

      b766ed6214f95f51883129bdaf2f22dea142a5d023c37a079b93ceb9e804ef1b

    • SHA512

      af4af822b6284abc16b88f09bdd0cb2cca821ed76c81314de0c3f628a890c93a7b44ca7151546097241179ed15d05eb08e2f06f1fddcc4790f487e2b2c142dd2

    • SSDEEP

      3072:jrree0aOO9kk1OzLhodPZTerUScdQQV+GJIvdXzr1sTxw:jrae0aOO9kk2hoGj8SGCse

    Score
    3/10
    discovery
    behavioral11behavioral12

MITRE ATT&CK Enterprise v15

Tasks