Overview

overview

10

Static

static

10

BlueTiger-...ol.exe

windows7-x64

7

BlueTiger-...ol.exe

windows10-2004-x64

9

discord_to...er.pyc

windows7-x64

3

discord_to...er.pyc

windows10-2004-x64

3

get_cookies.pyc

windows7-x64

3

get_cookies.pyc

windows10-2004-x64

3

misc.pyc

windows7-x64

3

misc.pyc

windows10-2004-x64

3

passwords_grabber.pyc

windows7-x64

3

passwords_grabber.pyc

windows10-2004-x64

3

source_prepared.pyc

windows7-x64

3

source_prepared.pyc

windows10-2004-x64

3

Resubmissions

13-12-2024 11:57

241213-n4p5gszjcp 10

09-12-2024 23:27

241209-3fpalsvqaw 10

09-12-2024 23:22

241209-3ct2pazpbj 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    BlueTiger-MultiTool.exe

  • Size

    107.4MB

  • Sample

    241209-3ct2pazpbj

  • MD5

    e4ff2a92899d8e11008a4b0bb73dfb00

  • SHA1

    36dae4ea984fca613cac381f6746d3b5b49f1f75

  • SHA256

    4c755749636f52a7b0f66533aa35d5c99c0af84c0fea005656dc0994de50149a

  • SHA512

    3009cff0d4b0ced481f75160e7e35d016b6f9deb7a1aa447304d2421121892a35b805e11c5a61f12cd3812560351c89657e5ff9093a9f2f4d9fe9e2a9eeb17f8

  • SSDEEP

    3145728:FUEeCRRS6xjKcBa6/2qHO5ifpBnG0iWMstB2OxQyyrOW:+EJjSWNa6NHCiRhieBq

Score
10/10
pysilondiscoveryevasionexecutionpersistencepyinstaller

Malware Config

Targets

    • Target

      BlueTiger-MultiTool.exe

    • Size

      107.4MB

    • MD5

      e4ff2a92899d8e11008a4b0bb73dfb00

    • SHA1

      36dae4ea984fca613cac381f6746d3b5b49f1f75

    • SHA256

      4c755749636f52a7b0f66533aa35d5c99c0af84c0fea005656dc0994de50149a

    • SHA512

      3009cff0d4b0ced481f75160e7e35d016b6f9deb7a1aa447304d2421121892a35b805e11c5a61f12cd3812560351c89657e5ff9093a9f2f4d9fe9e2a9eeb17f8

    • SSDEEP

      3145728:FUEeCRRS6xjKcBa6/2qHO5ifpBnG0iWMstB2OxQyyrOW:+EJjSWNa6NHCiRhieBq

    Score
    9/10
    discoveryevasionexecutionpersistence

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

    • Target

      discord_token_grabber.pyc

    • Size

      17KB

    • MD5

      e523026b612006e580e96bd9e2a8882c

    • SHA1

      03b9938701f7eff11a0c3632ed805e8188598c88

    • SHA256

      8ae6baddc552f9a47c488760a3d3b04f217f7c999dbffc1a548bb09532e6bf77

    • SHA512

      a0f15f5edecbab4894aa3b85092fc2bde34b76f6048b198ce387d59a56d6c74969201cc43d19cd27a9ff0a6ab72268884a90ef206f0be34a5707a7f6ea24a853

    • SSDEEP

      384:cGllyAavwS9F0RW807PPQviowoYbCj+Mo8WWIc02a8:cIlytvX9iRW8inQ6owoYOyM0d2a8

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      get_cookies.pyc

    • Size

      10KB

    • MD5

      b38f506528b3d6d5dbd851426c347b95

    • SHA1

      e91bf4ef42128267934e21be0176e552480f5977

    • SHA256

      85a7c34afad2c270ca690a5b4c30cc8bf16967e623fc77f4de4497901030a93b

    • SHA512

      ab110dc92eba564fd0ec6c6a75e779f588518dc1aa461f072ab02b96bc11fbe25e09faa6a556dc6a127c3e8826382697b72037a0cefbdaf32fd70a723e746295

    • SSDEEP

      192:TzOCIeinQfUF9LdwOEVOFc1mNe47+o+zEzzzzz1zz+HoowAE:TzOUiQccEe4KoOIAE

    Score
    3/10
    discovery
    behavioral5behavioral6

    • Target

      misc.pyc

    • Size

      5KB

    • MD5

      31aa260c6cdeaa9d942cd0dcfcadd16a

    • SHA1

      a6818f3acf5c2ab9d65b41a81cb92b36b85cc932

    • SHA256

      b522284f1a7e518c269c0414160407ec7834a4397f85ef389433b49367b5df9c

    • SHA512

      0dd277ef948315a3554bd8c5110e27afa9b2eac88defc1211771c050cdd27b3668484dec35ec5c5010bff00b62c2cebd9e7286c0b114ad28437719b42bd0fc2c

    • SSDEEP

      96:DSajAihmJG4n3B4SmSSSSlSSSShDwegPbbVxlj0nIAEDS5ejmw01k9Bddpq:eYAfn3ySmSSSSlSSSSeeOPVxx0nIAZeQ

    Score
    3/10
    discovery
    behavioral7behavioral8

    • Target

      passwords_grabber.pyc

    • Size

      8KB

    • MD5

      704dced7f7530b19a34a5f7a71c26b10

    • SHA1

      608d9647488cfa2b5f84a891028168a973bfcfa9

    • SHA256

      1fd284f1e27263bd2a16050c6989933a382c7d196f4c9f247187cc3b3f6ba3ac

    • SHA512

      e4a6710abef2c45d631745c91d8135873be06e5b240a61362e341d05ecc1dedf885487a554b648c328a3c5cc17fcf74e6d066b2e3f51379358ba28c2a0f2f39f

    • SSDEEP

      192:+CE34EAL/GFf/PomdPO23NsDmqFUhkxNivLI9dRvL:Y4EAL/AfRBO8NsxuOxNn

    Score
    3/10
    discovery
    behavioral10behavioral9

    • Target

      source_prepared.pyc

    • Size

      185KB

    • MD5

      b6cea0bcd2c6b73d33454f0c873fca5c

    • SHA1

      3d522387c2053867591c72d07f544ccafb6801ad

    • SHA256

      4b1e91272243327d5e835051c40ff1159a2af82136a07efaffc8c0b7f27ae5da

    • SHA512

      cf9ba8cb73b7d11a23eb6ead1ab9b932ea0c423b7a1a0eb4d15e496484e85f67c9445cf6569d9486608420091864db8b6921440e839ed8aabc76f149aa84450a

    • SSDEEP

      3072:sTAaLa+/4A9M/2CYolPEtelZN+tVZaftogjHdoCkne:sTlW+/ZuYol8cN+7ZaftogjHiCX

    Score
    3/10
    discovery
    behavioral11behavioral12

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Hide Artifacts

2
T1564

Hidden Files and Directories

2
T1564.001

Modify Registry

1
T1112

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Discovery

Browser Information Discovery

1
T1217

File and Directory Discovery

1
T1083

Query Registry

1
T1012

System Information Discovery

2
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Virtualization/Sandbox Evasion

1
T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks