General
-
Target
source_prepared.exe
-
Size
102.9MB
-
Sample
241124-x2331avme1
-
MD5
e5d776d0a738f622496507a407bd31a8
-
SHA1
379fc39a0b331b9892a886bef75b7d2f5f656816
-
SHA256
8ee9f9af08c9c58408503c08604f1af166620267e9e09f800c05e3257b5c147b
-
SHA512
46d427f5e8bc35d7ac1677add6e84461a12bd2fdb6b2398518341cba6c6f11c703d77c7490a5e2e23af258b2391ce831d130eda2170fc527081fcba549626877
-
SSDEEP
3145728:AnG2r7rS6xjKcBanL2qHO5iVAunGQbRe0zJcBVPZ2:vgnSWNaBHCin1XcBa
Malware Config
Targets
-
-
Target
source_prepared.exe
-
Size
102.9MB
-
MD5
e5d776d0a738f622496507a407bd31a8
-
SHA1
379fc39a0b331b9892a886bef75b7d2f5f656816
-
SHA256
8ee9f9af08c9c58408503c08604f1af166620267e9e09f800c05e3257b5c147b
-
SHA512
46d427f5e8bc35d7ac1677add6e84461a12bd2fdb6b2398518341cba6c6f11c703d77c7490a5e2e23af258b2391ce831d130eda2170fc527081fcba549626877
-
SSDEEP
3145728:AnG2r7rS6xjKcBanL2qHO5iVAunGQbRe0zJcBVPZ2:vgnSWNaBHCin1XcBa
Score9/10-
Enumerates VirtualBox DLL files
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
-
-
Target
discord_token_grabber.pyc
-
Size
15KB
-
MD5
aaaeca514d98795f954c1f2eebb18881
-
SHA1
6331352aada5256452c43545bb6593958602a20c
-
SHA256
a808291bd70bbd15bedd818ef25a1dbcfbf548330fd9ddf5244143ec3eb66cc6
-
SHA512
ec9c019d0061103e1e1b3db7feb346136e5e4f447804f9586aacdd7da3c9b877bda1221735b08fc44586cd443b8909664a22bb90ce3a4230402357d35fe80883
-
SSDEEP
384:nGC7RYmnXavkLPJrltcshntQ5Maa2holHVg:nGCuvkL9ltcsttQ5MaaCgHVg
Score3/10 -
-
-
Target
get_cookies.pyc
-
Size
9KB
-
MD5
b97f0689742bd69af8900cd3731c5294
-
SHA1
28ccff4aa6009fc86d4561e5bc37ea2fb175a689
-
SHA256
b080857887222e4c048bba2d7bb3ebc25cc26f31bb26f645fafc01de4e46a03c
-
SHA512
9b2c471688fee5cb3d1112ec0d594f5c16371dbb6a1dd30668f64746f2073cea377ca6797928e67bfc933e03c52d819ec676f00a115ef3afa4eeb240daf71883
-
SSDEEP
96:nlNatjbBMMKiNW8Zxh9ybA6HUWc4/xIgBZFLjH2K8BXFxUBvF/A7qx3MlMFztwX3:lNahBeiNR9QfUF2x3NC79F21aGaqDAht
Score3/10 -
-
-
Target
misc.pyc
-
Size
4KB
-
MD5
3eb4ff2a9be2d13ecb7343cf82865294
-
SHA1
6f9d52b590a15de10dd4589ced7320734371b844
-
SHA256
5697249c80354c3adbbb6ae7f2068bd5e0ab44ce08def7b1ef168508fb1fb2c4
-
SHA512
776bc0e43593579b7a82bdf0ed77ba89803111b5651cf222c82a7245cd9a297560e3400dc9fcefbed56a91cde4f786f2d745e931102c4ac8750044f2f5072f63
-
SSDEEP
96:XSMlhlvSzMPDweHPF8+VB7sHIZGQSWfvmyyZ1k9zBub:iolvSzM0evq+VBXZGQlvmV1k5Bub
Score3/10 -
-
-
Target
passwords_grabber.pyc
-
Size
7KB
-
MD5
e51a6ecd8527b9e758afb60513356e19
-
SHA1
89feb7e8f793bef5dc22556196bb9b03387476fe
-
SHA256
3c2a8cf8d20d10c27c1c389064abbcce9aab9d6afe5cac26a376ebedf551bece
-
SHA512
acc505cea3eff572570b05418931b9be9339c0dd91922ce5ef470810bf861f2395535ccab883f470910bb4e0c9dae309382044568ae0a3aba2b9323ada1f784d
-
SSDEEP
192:A114qWLlhuUIxDPK2cMHJb+XUhitovgEuT:64qWLlMFyVMHAE/Y
Score3/10 -
-
-
Target
source_prepared.pyc
-
Size
172KB
-
MD5
d635eedd444f3b2a3e9a93d4892ae88d
-
SHA1
cbac83fc66692322eaf61401d3e4c97660a1a40d
-
SHA256
e5f7feef6a6613de3af7067791adeb280c28869d1c402a11b063c28ffbe20878
-
SHA512
99a27f46f0681eecba16c1efcfc9d1a2d3891a1923cf00175da25d58ee9cea8e893c5d0c67cafbdb6323a103b5a812d55f4a7892c6cdd50a43fcdf4b10e7f94d
-
SSDEEP
3072:jrD+e0aOO9Ek1OFLhodPZTerUScdQQV+GJIvdXzrTsTxw:jrCe0aOO9EkwhoGj8SGcse
Score3/10 -
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Modify Registry
1Virtualization/Sandbox Evasion
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1