General
-
Target
Newfolder4.rar
-
Size
1.1MB
-
Sample
241110-cvj2bsxdqk
-
MD5
356f6e8762d1d5bc83d902e5d75e0533
-
SHA1
82a22059cac559ceb65019edf0b6ff0d4bb17bcc
-
SHA256
7a8aee0ff7f0eb5c8eda7fecdad3616e44adf6da1cd89dac50ae7e322f9d9ce3
-
SHA512
8747c1ee01dd7fe2d0e09354c3fd24b273aca7dd4c2bd9117a515b5e626d6397913bba45c32e05d5de5a3e19bccd988256244c1a671cc55b31c3796a902c92c1
-
SSDEEP
24576:LkxtJ6z9Gt46DvZsUuA3lVVBnM/CMp/cmRHm1E06Bbq:Lk389Gt46DBsRMlVMaMp/FH9Bbq
Behavioral task
behavioral1
Sample
New folder (4)/free robbux/BrowsingHistoryView.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
New folder (4)/free robbux/BrowsingHistoryView.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
New folder (4)/free robbux/ChromeHistoryView.exe
Resource
win7-20241023-en
Behavioral task
behavioral4
Sample
New folder (4)/free robbux/ChromeHistoryView.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
New folder (4)/free robbux/ChromePass.exe
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
New folder (4)/free robbux/ChromePass.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
New folder (4)/free robbux/OperaPassView.exe
Resource
win7-20240708-en
Behavioral task
behavioral8
Sample
New folder (4)/free robbux/OperaPassView.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
New folder (4)/free robbux/PasswordFox.exe
Resource
win7-20240729-en
Behavioral task
behavioral10
Sample
New folder (4)/free robbux/PasswordFox.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
New folder (4)/free robbux/RouterPassView.exe
Resource
win7-20241023-en
Behavioral task
behavioral12
Sample
New folder (4)/free robbux/RouterPassView.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
New folder (4)/free robbux/SkypeLogView.exe
Resource
win7-20240903-en
Behavioral task
behavioral14
Sample
New folder (4)/free robbux/SkypeLogView.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
New folder (4)/free robbux/WebBrowserPassView.exe
Resource
win7-20241010-en
Behavioral task
behavioral16
Sample
New folder (4)/free robbux/WebBrowserPassView.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral17
Sample
New folder (4)/free robbux/iepv.exe
Resource
win7-20240903-en
Behavioral task
behavioral18
Sample
New folder (4)/free robbux/iepv.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral19
Sample
New folder (4)/free robbux/mailpv.exe
Resource
win7-20240903-en
Behavioral task
behavioral20
Sample
New folder (4)/free robbux/mailpv.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral21
Sample
New folder (4)/free robbux/mspass.exe
Resource
win7-20240903-en
Behavioral task
behavioral22
Sample
New folder (4)/free robbux/mspass.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral23
Sample
New folder (4)/free robbux/pspv.exe
Resource
win7-20240903-en
Behavioral task
behavioral24
Sample
New folder (4)/free robbux/pspv.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral25
Sample
New folder (4)/free robbux/robuxboi.bat
Resource
win7-20240903-en
Behavioral task
behavioral26
Sample
New folder (4)/free robbux/robuxboi.bat
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
New folder (4)/free robbux/BrowsingHistoryView.exe
-
Size
328KB
-
MD5
d904768ad20e0a62b10b99c64931570b
-
SHA1
64c55b7f74ed9b7214c390ed4a35b383c536b55d
-
SHA256
96a74d742c4cc761d1807f263844ad6c152f54b248362d2a2dc832d030dc29d8
-
SHA512
d91327b4b9f3a77d624dca7f21a0b8fd17662e79dc16045e87bbb59299fc3a8d32a68e328a32efaf7938a675addf165e6296f2afae6d0b9cf3a3cb9efc7f4d0f
-
SSDEEP
6144:ARjPCc2a/v3TCUX0DB1XUrzD2b27xkaIepAtcmq5:lA9CKrzDmp4/
-
-
-
Target
New folder (4)/free robbux/ChromeHistoryView.exe
-
Size
166KB
-
MD5
2907f996b66c0d6865c1d018c40a3e3c
-
SHA1
0abb66d16df4f548a27c601256dcd4a13f29d6ec
-
SHA256
7763a894a09e9ec525acce501c2fd219c87d2a3c74d02afbbc687fb6e5ade65d
-
SHA512
72e78a6e1efc58ba434c67a0d0357c4da23643d04bb59fd69d6d7ed6339eee6a24726f8fffc0b370cb44333b09c756ebd3b1b4865cc44124efdb79f0306d7145
-
SSDEEP
3072:w7JeQvVTseGHB4WODZdh0+CARAzaA3tSg+hxOxuwicmAUamMFir:w78isVhibzCARcaCB+r8tDmAUam
-
Detected Nirsoft tools
Free utilities often used by attackers which can steal passwords, product keys, etc.
-
-
-
Target
New folder (4)/free robbux/ChromePass.exe
-
Size
214KB
-
MD5
7b641e136f446860c48a3a870523249f
-
SHA1
f55465c1581b8cc1a012d3b7d8504c55e8e66e1c
-
SHA256
4cd6ed20baffc008b69642cd4687249fa0568c8bb8e29ce601ab6fef8a667382
-
SHA512
fd6f09775539e77e83927585d8a3ef230399be5bd0798f073e925113faf219225145df230fc0d232c8c6d1f0ec28936b7ac593dcb25f72796310f117811bd09b
-
SSDEEP
3072:MqAceXnK1+cDhMoz0tK14S23JAzZz67uM5/CR7HVmvEuXb1/ef5iJ3l3kyY7Za:M/jchMoStJqzk4R7EvEuXJ/Oi9l3kc
-
-
-
Target
New folder (4)/free robbux/OperaPassView.exe
-
Size
39KB
-
MD5
8b4ae559ad7836b27ee9f8f171be8139
-
SHA1
c60ddcfc7b3954f4d0d515b1fdaf47c6999e50a4
-
SHA256
1130504f6095d2b09fb1ad39323ab9448798b41eb925539e2128160cec106609
-
SHA512
df13ae1aa3b481d1a819736af6dbf5fea5c930a1fe18ea0368a0d2efbe20334626dd90b42757bf8ef080f229e502c97cd6f5173738bc4967e26a04aee61c040b
-
SSDEEP
768:L2ivyslykfdDY/D16P71WO9xyOMEdSv2mtAl4B6FEfP0JtyEECLvxYZqw:ii6q5dE/Kj/5iUJDglqw
-
Detected Nirsoft tools
Free utilities often used by attackers which can steal passwords, product keys, etc.
-
-
-
Target
New folder (4)/free robbux/PasswordFox.exe
-
Size
81KB
-
MD5
1d09a1fb8cd5bbc0ce008d6df52ca7c1
-
SHA1
64d06f4325551f05057ab9210f9d680417b75d8d
-
SHA256
a4094e317a04a863e0cd8f66a4b8891d1d66261abe7c25aa83d534f17fcf1c40
-
SHA512
42f8e8f2d1624c66cc81b1086e8148ff42c0759d1950602590d0064175f360117ed118f436d8d44f686c351b589d71bcc823a1a831785fae3a76b4264700a27f
-
SSDEEP
1536:sfFduXbNkCUb9GEfwZqjLinXdYibws0zEe6RGV7rH7zgwyeg:oFdqkCUb9GbZqvinXdYibz0we6gV7rHW
-
-
-
Target
New folder (4)/free robbux/RouterPassView.exe
-
Size
71KB
-
MD5
e8e5092e66437517f5940e1498075ccb
-
SHA1
92518cd8f52fc30e852f3b51450f9288b2f36b70
-
SHA256
cee7a91f25d2bed0ba442b25bc5a4c516c61d4bacb3c096dfdbda29efb99a140
-
SHA512
af5244603718e211f851b92a71f4fa794475a76bce2c4d10fe58dc2de0f6af03adde64e2e3a25918297f51fadba10a9533fb31cfeef0361b31ae93b891abcaca
-
SSDEEP
1536:Gw0y1nAzKcbvLx+qLxxugU3GI71x5wVtsUtvc4R3Z0qehOx:GwDNTc/04NG7hx5wVuiBR3Z0qX
-
Detected Nirsoft tools
Free utilities often used by attackers which can steal passwords, product keys, etc.
-
-
-
Target
New folder (4)/free robbux/SkypeLogView.exe
-
Size
176KB
-
MD5
785d31c38a4b22d5565553ff1ea237d2
-
SHA1
3328ce00d2f9cfe8c8a7e1f160608531b1b2e3d6
-
SHA256
8a9fa898036cba2b6a8face4857ce39dca55fb97659cb72c3c51d18b4bf8f01e
-
SHA512
1f16091d14ed2906021a643e96b192f7893f7c5fe0b38ac3bd9ce906ee17a847f97648a1084336f8a6a31de72174e34b21fd3c64aa9c0b1822290e57b603d5b9
-
SSDEEP
3072:5qZCncA72odyw83PYEreyqhWLwr9/Uv0qFyMMxQimJUuXdK/c7oDJwJinMgZskrw:5tQocxCzvLYaQimGwdK/c7Y4gr05
-
Detected Nirsoft tools
Free utilities often used by attackers which can steal passwords, product keys, etc.
-
-
-
Target
New folder (4)/free robbux/WebBrowserPassView.exe
-
Size
322KB
-
MD5
72fd6461a367042c3a0a661eda3e54ee
-
SHA1
3173415de5974721403dee428734a1770a209343
-
SHA256
968f4d16f90626f97ee929ec1b0ef9b78033c5cd1914de26e751091d078e2d4c
-
SHA512
0ce286e6a1248d7597ab2b86d015855168af61124b272073dd6b14ff0f3c2f60b94fedebc73bb3cf4731f42e8d7b39915b19c56ba7ebff84835a734b8a1beb83
-
SSDEEP
6144:YsLJowx1cVu3Ml1f28Bdc33je5NfA9NAtaKkihA:YC7xpkLDc38495Kkv
-
-
-
Target
New folder (4)/free robbux/iepv.exe
-
Size
43KB
-
MD5
c861fe184e271d6e2ba958da306ba748
-
SHA1
b039e4d8e70261dfdf8ee521dcbc3e04348423a5
-
SHA256
f8a112b0d1ce4142e4d69cadfc2748c27026b491532fba18d9160f7eb48b4886
-
SHA512
ea127eaa149b5ff1b1f1de3891563b2e064e043f03e48ca298d3539e1f572297abd4efd951021372ba0090b8c30c06e7d144bec6d9828a5cc08a644155a8f3ce
-
SSDEEP
768:TI/86WM0Rk9UXwYlX154ozTouldUZlhPOH6lvXsV:uKkKgYlXck075POaVXsV
-
Detected Nirsoft tools
Free utilities often used by attackers which can steal passwords, product keys, etc.
-
-
-
Target
New folder (4)/free robbux/mailpv.exe
-
Size
96KB
-
MD5
db19075b6a18a679cc10f4a6a8be7b3d
-
SHA1
3da06ff6009b3d68a8a5f5f40c3a5a01777ae356
-
SHA256
ed911e9f4a61d62b2f97922a8bc277890f4b1ff95ec1394dc6a1fdab7dcae2af
-
SHA512
6d7c7842cee99949d176f5846d33e64e7c5ca7de9e4670c48dab49ef5ed810c0e10ae9c80dcd535168989d39e8e53271e03edebcb2f4d53ca5b6042fa4694041
-
SSDEEP
1536:KHMWvbUW1YC9Xn+jOs9aUjsxhe2k11emO1bK2Rgmc/79X0dZbn9w2K0f:uMWvbH1Yy+C49jYJcerbG7/g9w2K0f
-
Score
6/10
-
Accesses Microsoft Outlook accounts
-
-
-
Target
New folder (4)/free robbux/mspass.exe
-
Size
65KB
-
MD5
ffc52f2b4435fcddaca6e15489a88b75
-
SHA1
63ec31a04cf176852344d544ae855da0dac64980
-
SHA256
3f3c8484962b395f304a836ee5e8ee17beaafe982795c9747d8ee98cc6e4ca8f
-
SHA512
389694feccfe6ca352705b9481913fece6d1d47083f235ccdd60c05cfda82606be53845fde0dba8ec3f3748f820a828c9be0ce078c8b9cc853285b23f172841c
-
SSDEEP
1536:hBcOUiUlO1/DXn4cHJ4dPaCnpWqOaeziqf7mvvXWVcZ0:hBcu/hDXn/JgaMEjaOsXV6
-
Detected Nirsoft tools
Free utilities often used by attackers which can steal passwords, product keys, etc.
-
-
-
Target
New folder (4)/free robbux/pspv.exe
-
Size
51KB
-
MD5
35861f4ea9a8ecb6c357bdb91b7df804
-
SHA1
836cb49c8d08d5e305ab8976f653b97f1edba245
-
SHA256
64788b6f74875aed53ca80669b06f407e132d7be49586925dbb3dcde56cbca9c
-
SHA512
0fdfe62c86c8601bb98991149eea51ddf91b812ad2c2d45e53aaf1f36a09d00aaf02fc3d183179cf5367fda09d6f62d36c0187da2dfa5e08df4c07cf634690be
-
SSDEEP
768:JWNjuQOjoBiZFmOlhAIqAs8Q65bQPC1/u8fxmZTxeA9r7Vw:JWNaQOjgiZFmOlpCrq1/ubZTxT9r7V
-
Score
3/10
-
-
-
Target
New folder (4)/free robbux/robuxboi.bat
-
Size
7KB
-
MD5
65dcdf6be470f4b69915c4cbf7c10877
-
SHA1
e480cf30454a0f5c09ac73cdf72192a1abf26713
-
SHA256
6cfb933d54ecd331128570b9ed31c25a7520dcd70fc8cbac041f78c90abaa509
-
SHA512
3f8e19f84bf4789c91937c902c799ae59c29b8087176f6d02d22bde2b0336fed58377b82df4c72f532ce99714ee1d885b325a01fbec267bdf981d6d58038b567
-
SSDEEP
96:dy1jI+hFjju23zX0FoyFaIU7yeevW5My0FEvVkv2vt98JQyFjKq1eGWWg:dKLjaQzX0aaaIK70FKVPP7ysCzrg
-
Score
9/10
-
Detected Nirsoft tools
Free utilities often used by attackers which can steal passwords, product keys, etc.
-
Accesses Microsoft Outlook accounts
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1
Credentials from Web Browsers
1
Unsecured Credentials
1
Credentials In Files
1