General

  • Target

    aa77429a62c8f4a59bdc82c5258c9123_JaffaCakes118

  • Size

    71KB

  • Sample

    241128-bvdc4syraw

  • MD5

    aa77429a62c8f4a59bdc82c5258c9123

  • SHA1

    eb1508f0a2e3a5d86cb348e1760d86073d879255

  • SHA256

    4839de6c2774ef432d84630f204abe3b6505721a7aa1875bc523b10c1857e14d

  • SHA512

    1dfbedb0b43361d2daca1e2eb35930bac2b9945f640fd54a5bb9b026b9ba1f22959041170dd968daa58cdfff27f911e6048237db6b870941152bf4cccf78eadb

  • SSDEEP

    1536:9syCnOnVDIiC0WqhOVqijqLGwXjwN7cxtWuf4kImOJI4kcIr:yjnOJIiJWqhMqSwX0N7cx9zOI4kc

Malware Config

Extracted

Family

growtopia

C2

https://discord.com/api/webhooks/875342035450732574/VfRKUe0abDxr5_1cWoOMyQRCf1ABdhs1NhJZUSLZnx8ZgnVye6IKnRT5s7fVjsUbsi_X

Attributes
  • payload_url

    https://cdn.discordapp.com/attachments/751900698802782343/751901202178113729/bdb1cfc204098a6920a413c3c5ddfb36.png

Targets

    • Target

      aa77429a62c8f4a59bdc82c5258c9123_JaffaCakes118

    • Size

      71KB

    • MD5

      aa77429a62c8f4a59bdc82c5258c9123

    • SHA1

      eb1508f0a2e3a5d86cb348e1760d86073d879255

    • SHA256

      4839de6c2774ef432d84630f204abe3b6505721a7aa1875bc523b10c1857e14d

    • SHA512

      1dfbedb0b43361d2daca1e2eb35930bac2b9945f640fd54a5bb9b026b9ba1f22959041170dd968daa58cdfff27f911e6048237db6b870941152bf4cccf78eadb

    • SSDEEP

      1536:9syCnOnVDIiC0WqhOVqijqLGwXjwN7cxtWuf4kImOJI4kcIr:yjnOJIiJWqhMqSwX0N7cx9zOI4kc

    • Growtopia

      Growtopia is an open-source modular stealer written in C#.

    • Growtopia family

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks