General

  • Target

    v2.zip

  • Size

    22.1MB

  • MD5

    57f99326d3f928ba22af77cafe740cb5

  • SHA1

    6520df10766b0a03e743bc05db655c636903e131

  • SHA256

    d94259329e042360d48ba2d18cc630277afdaaeebf389dced4d5070831e6fe33

  • SHA512

    9017699dd6f40823f4ca8dbee376e54f42dfb022cd26ca5aa9ba8044382d6e6ed58beddeb1340ef719c0bfc0bd9e069dc936638da6698d4683055bfd4de11400

  • SSDEEP

    393216:MMCJVKXwsfR1wqmV+DMhPZX8uN7u0n8SIg98t/x4XwvRtAXNR8wv+Xc:EJVKF5IJZX8uOx4XwvRtAXN

Malware Config

Signatures

  • A stealer written in Python and packaged with Pyinstaller 1 IoCs
  • Blankgrabber family
  • Detects Pyinstaller 1 IoCs
  • Unsigned PE 2 IoCs

    Checks for missing Authenticode signature.

Files

  • v2.zip
    .zip

    Password: ez

  • Incognito.exe
    .exe windows:4 windows x64 arch:x64

    Password: ez

    4ac9522d6087823c8be475db2fb41b28


    Code Sign

    Headers

    Imports

    Sections

  • ���1��.pyc
  • autoexecute/test.txt
  • bin/incognito-luau.dll
    .dll windows:6 windows x64 arch:x64

    Password: ez

    dfd11645eb4732c0409f51f0532c3683


    Headers

    Imports

    Exports

    Sections

  • bin/save.json
  • build/main/Analysis-00.toc
  • build/main/EXE-00.toc
  • build/main/PKG-00.toc
  • build/main/PYZ-00.pyz
  • build/main/PYZ-00.toc
  • build/main/base_library.zip
    .zip

    Password: ez

  • _collections_abc.pyc
  • _weakrefset.pyc
  • abc.pyc
  • codecs.pyc
  • collections/__init__.pyc
  • collections/abc.pyc
  • copyreg.pyc
  • encodings/__init__.pyc
  • encodings/aliases.pyc
  • encodings/ascii.pyc
  • encodings/base64_codec.pyc
  • encodings/big5.pyc
  • encodings/big5hkscs.pyc
  • encodings/bz2_codec.pyc
  • encodings/charmap.pyc
  • encodings/cp037.pyc
  • encodings/cp1006.pyc
  • encodings/cp1026.pyc
  • encodings/cp1125.pyc
  • encodings/cp1140.pyc
  • encodings/cp1250.pyc
  • encodings/cp1251.pyc
  • encodings/cp1252.pyc
  • encodings/cp1253.pyc
  • encodings/cp1254.pyc
  • encodings/cp1255.pyc
  • encodings/cp1256.pyc
  • encodings/cp1257.pyc
  • encodings/cp1258.pyc
  • encodings/cp273.pyc
  • encodings/cp424.pyc
  • encodings/cp437.pyc
  • encodings/cp500.pyc
  • encodings/cp720.pyc
  • encodings/cp737.pyc
  • encodings/cp775.pyc
  • encodings/cp850.pyc
  • encodings/cp852.pyc
  • encodings/cp855.pyc
  • encodings/cp856.pyc
  • encodings/cp857.pyc
  • encodings/cp858.pyc
  • encodings/cp860.pyc
  • encodings/cp861.pyc
  • encodings/cp862.pyc
  • encodings/cp863.pyc
  • encodings/cp864.pyc
  • encodings/cp865.pyc
  • encodings/cp866.pyc
  • encodings/cp869.pyc
  • encodings/cp874.pyc
  • encodings/cp875.pyc
  • encodings/cp932.pyc
  • encodings/cp949.pyc
  • encodings/cp950.pyc
  • encodings/euc_jis_2004.pyc
  • encodings/euc_jisx0213.pyc
  • encodings/euc_jp.pyc
  • encodings/euc_kr.pyc
  • encodings/gb18030.pyc
  • encodings/gb2312.pyc
  • encodings/gbk.pyc
  • encodings/hex_codec.pyc
  • encodings/hp_roman8.pyc
  • encodings/hz.pyc
  • encodings/idna.pyc
  • encodings/iso2022_jp.pyc
  • encodings/iso2022_jp_1.pyc
  • encodings/iso2022_jp_2.pyc
  • encodings/iso2022_jp_2004.pyc
  • encodings/iso2022_jp_3.pyc
  • encodings/iso2022_jp_ext.pyc
  • encodings/iso2022_kr.pyc
  • encodings/iso8859_1.pyc
  • encodings/iso8859_10.pyc
  • encodings/iso8859_11.pyc
  • encodings/iso8859_13.pyc
  • encodings/iso8859_14.pyc
  • encodings/iso8859_15.pyc
  • encodings/iso8859_16.pyc
  • encodings/iso8859_2.pyc
  • encodings/iso8859_3.pyc
  • encodings/iso8859_4.pyc
  • encodings/iso8859_5.pyc
  • encodings/iso8859_6.pyc
  • encodings/iso8859_7.pyc
  • encodings/iso8859_8.pyc
  • encodings/iso8859_9.pyc
  • encodings/johab.pyc
  • encodings/koi8_r.pyc
  • encodings/koi8_t.pyc
  • encodings/koi8_u.pyc
  • encodings/kz1048.pyc
  • encodings/latin_1.pyc
  • encodings/mac_arabic.pyc
  • encodings/mac_croatian.pyc
  • encodings/mac_cyrillic.pyc
  • encodings/mac_farsi.pyc
  • encodings/mac_greek.pyc
  • encodings/mac_iceland.pyc
  • encodings/mac_latin2.pyc
  • encodings/mac_roman.pyc
  • encodings/mac_romanian.pyc
  • encodings/mac_turkish.pyc
  • encodings/mbcs.pyc
  • encodings/oem.pyc
  • encodings/palmos.pyc
  • encodings/ptcp154.pyc
  • encodings/punycode.pyc
  • encodings/quopri_codec.pyc
  • encodings/raw_unicode_escape.pyc
  • encodings/rot_13.pyc
  • encodings/shift_jis.pyc
  • encodings/shift_jis_2004.pyc
  • encodings/shift_jisx0213.pyc
  • encodings/tis_620.pyc
  • encodings/undefined.pyc
  • encodings/unicode_escape.pyc
  • encodings/utf_16.pyc
  • encodings/utf_16_be.pyc
  • encodings/utf_16_le.pyc
  • encodings/utf_32.pyc
  • encodings/utf_32_be.pyc
  • encodings/utf_32_le.pyc
  • encodings/utf_7.pyc
  • encodings/utf_8.pyc
  • encodings/utf_8_sig.pyc
  • encodings/uu_codec.pyc
  • encodings/zlib_codec.pyc
  • enum.pyc
  • functools.pyc
  • genericpath.pyc
  • heapq.pyc
  • io.pyc
  • keyword.pyc
  • linecache.pyc
  • locale.pyc
  • ntpath.pyc
  • operator.pyc
  • os.pyc
  • posixpath.pyc
  • re/__init__.pyc
  • re/_casefix.pyc
  • re/_compiler.pyc
  • re/_constants.pyc
  • re/_parser.pyc
  • reprlib.pyc
  • sre_compile.pyc
  • sre_constants.pyc
  • sre_parse.pyc
  • stat.pyc
  • traceback.pyc
  • types.pyc
  • warnings.pyc
  • weakref.pyc
  • build/main/localpycs/pyimod01_archive.pyc
  • build/main/localpycs/pyimod02_importers.pyc
  • build/main/localpycs/pyimod03_ctypes.pyc
  • build/main/localpycs/pyimod04_pywin32.pyc
  • build/main/localpycs/struct.pyc
  • build/main/main.pkg
  • build/main/warn-main.txt
  • build/main/xref-main.html
    .html
  • dist/main.exe
    .exe windows:6 windows x64 arch:x64

    Password: ez

    a06f302f71edd380da3d5bf4a6d94ebd


    Headers

    Imports

    Sections

  • main.pyc
  • scripts/test.lua
  • workspace/.tests/appendfile.txt
  • workspace/.tests/getcustomasset.txt
  • workspace/.tests/isfile.txt
  • workspace/.tests/listfiles/test_1.txt
  • workspace/.tests/listfiles/test_2.txt
  • workspace/.tests/loadfile.txt
  • workspace/.tests/readfile.txt
  • workspace/.tests/writefile
  • workspace/.tests/writefile.txt
  • workspace/IY_FE.iy
  • workspace/test.txt