General
-
Target
RadiatorBooster.exe
-
Size
77.5MB
-
Sample
241110-vtw9da1jct
-
MD5
6114567f8dd82cb30ab76977e1f3e9c2
-
SHA1
a3de50e7037d1fe38e5fe66b4fdc1505ee9fe3e4
-
SHA256
38bc3239b5cf71dc370502c20527717b02ad63ee2948894a447d20839f327939
-
SHA512
4bb4c587d867af56e17fc2856dcb3d19fa8b1e406ceba327c81fb72770fc05bdbe9b442ef4e4247a77684e24905200962d1ce906b18a82e928ae9f84dc519e78
-
SSDEEP
1572864:b1lVW950hSk8IpG7V+VPhqFxE7LlhpBB8iYweyJulZUdgP7Xip5ivMazqvCZH1O3:b1bWySkB05awFeLpnNpur7ZvMsRrO3
Malware Config
Targets
-
-
Target
RadiatorBooster.exe
-
Size
77.5MB
-
MD5
6114567f8dd82cb30ab76977e1f3e9c2
-
SHA1
a3de50e7037d1fe38e5fe66b4fdc1505ee9fe3e4
-
SHA256
38bc3239b5cf71dc370502c20527717b02ad63ee2948894a447d20839f327939
-
SHA512
4bb4c587d867af56e17fc2856dcb3d19fa8b1e406ceba327c81fb72770fc05bdbe9b442ef4e4247a77684e24905200962d1ce906b18a82e928ae9f84dc519e78
-
SSDEEP
1572864:b1lVW950hSk8IpG7V+VPhqFxE7LlhpBB8iYweyJulZUdgP7Xip5ivMazqvCZH1O3:b1bWySkB05awFeLpnNpur7ZvMsRrO3
Score9/10-
Enumerates VirtualBox DLL files
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
-
-
Target
discord_token_grabber.pyc
-
Size
15KB
-
MD5
143e1ca54a6631128428c6bf7515cfd2
-
SHA1
b560459179c580bb22f5adc24f4b3b5851c4f1ad
-
SHA256
25cb908eb359f31428c9932d4f98df7f2ee647d3339ea9a7c86ad281b03d8c4f
-
SHA512
bc94451702fbe45339999569a1b5935ff2f1daebce10188305995364e047bc19582ba7077d4ab6ceb3cf1c5f21438c3b76416a2b45a0284fbd679c029bc51d35
-
SSDEEP
384:nGC7RYmnXavkLPJrltcshntQ5saa2holHVA:nGCuvkL9ltcsttQ5saaCgHVA
Score3/10 -
-
-
Target
get_cookies.pyc
-
Size
9KB
-
MD5
32bb8ed84a18f665d03dd5afbc7b65b0
-
SHA1
a2129ec6568e20c620429d884a13cd4671504a2b
-
SHA256
7d9fff7c91679c94728b83eeabc34f54201fc9ee6fa6806665b25007ce5b88a6
-
SHA512
399198dfac2fd7bdea480d93d836c2f194ae9c93d7ee7855537cac44bf7c6e463a8104f7f7380b9f075fdd67bb12027909ce2d3407b5423d2837a96c3c835bc2
-
SSDEEP
192:lNaBBeiNR9QfUF2x3NC79F21aG67+DAhN:lPiT2XtFcjKDAhN
Score3/10 -
-
-
Target
misc.pyc
-
Size
4KB
-
MD5
c42e089e863f6e8137098c45fceab40e
-
SHA1
6518578e7b5f2480492334238b84ad3be5b1380c
-
SHA256
62c5f58bfd4b9cee38e6b973ed8000eda063488096380acf6ab7264f8c1df76c
-
SHA512
9e8ccd4383728166faf22c3f10fd471388ef8084c5e000e9fe58241c6ef4b9abd23a29de032a69a332ff41c852fcf786941ccf4ddfac1b4cb28b6251ab4942f5
-
SSDEEP
96:XSMlhlvyznDweHPF8+VB7sHIZGQSWfvmyyZ1k9zhub:iolvyz8evq+VBXZGQlvmV1k5hub
Score3/10 -
-
-
Target
passwords_grabber.pyc
-
Size
7KB
-
MD5
d23a91aebc53fb0d013c182fc10a569e
-
SHA1
2fe4680de0ddafad84c4cf69d5427674ee2f49d9
-
SHA256
5fd25ed5ea1de4064160ee4559dfba63fe1e4b86fd631c388581ddebfc975b7d
-
SHA512
97c4aeb2d64469d6d469066bfa24135ad9351f79cbafe5f97ccdbc4e8d759684789f10efe08f50db0d33b8a923b0d9bb6c4ad6d49aadc938472781fd37ca0024
-
SSDEEP
192:A114qWLlhuUIxDPK2cMHJb+XUhitovgEuz:64qWLlMFyVMHAE/4
Score3/10 -
-
-
Target
source_prepared.pyc
-
Size
167KB
-
MD5
82cd7ac965f5af6b7e3a0a18602e229c
-
SHA1
c49d9c94d72234a7821b0437c9555918c04210f9
-
SHA256
37a40d8cbbcaa6e25df3738b44946785ca2a673707ae4b2a6a3d1d6458b0d716
-
SHA512
7248d589debc6274a6152568ba9a99642b8654ab9067c30af3bc3c87f2056aff00fea2addc6621aacde0b72cc3e652f4a4ebf0938ab5bd2045061546efb93423
-
SSDEEP
3072:NQinaOO2xkSMS4DoBPZTerfSc6ASfeIvdXzepsTxf:NfnaOO2xkScDoiaPASfQsF
Score3/10 -
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Modify Registry
1Virtualization/Sandbox Evasion
1