General

  • Target

    Howlis executor.zip

  • Size

    9.5MB

  • MD5

    8065ee8f8c5ea3b3323ae807890429d4

  • SHA1

    cb0f5cf2519c95530b155dc56a9a3d58386c3c8e

  • SHA256

    e11811db10afadc6d917402d841b750dc66b91649657a5020adc81cd5d84a72c

  • SHA512

    50cb20bc46f43b3e8ef8aea87fbce1aab84645446ed2e534a9db0e94304fdecaa1ac80edc8429c7073ef496dac9b9061fecee513bfa77db4f62f27643aebb7f1

  • SSDEEP

    196608:9PyjcoEEVJWA8Rin6PgDRTF6wLhePLKDUS7bl3IdOnoUq+:9Py9WY6UXQe33OdO

Score
10/10

Malware Config

Signatures

  • A stealer written in Python and packaged with PyInstaller (1 IoC)
  • Blankgrabber family
  • Embeds OpenSSL (1 IoC)

    Embeds OpenSSL, may be used to circumvent TLS interception.

  • Unsigned PE (8 IoCs)

    Checks for missing Authenticode signature.

Files

  • Howlis executor.zip
    .zip
  • ForlornApi.dll
    .dll windows:4 windows x64 arch:x64



  • Howlis executor.exe
    .exe windows:5 windows x64 arch:x64

    0b5552dccd9d0a834cea55c0c8fc05be



  • ��+�*ʼn.pyc
  • bin/Xeno.dll
    .dll windows:6 windows x64 arch:x64

    3a1f9d973bff43051a3daf411f707362



  • bin/libcrypto-3-x64.dll
    .dll windows:6 windows x64 arch:x64

    680b5c239d82da8e527bf24b921948fd



  • bin/libssl-3-x64.dll
    .dll windows:6 windows x64 arch:x64

    b14ebe784f458189a17382fee793f658



  • bin/xxhash.dll
    .dll windows:6 windows x64 arch:x64

    fba6b233846a2ea5e6907e23b2de9a26



  • bin/zstd.dll
    .dll windows:6 windows x64 arch:x64

    f32e8587cacdf9095c309b87f2877ebb



  • cver.txt
  • cxapis.dll
    .dll windows:4 windows x64 arch:x64



  • runtimes/win-x64/native/WebView2Loader.dll
    .dll windows:10 windows x64 arch:x64

    f6946d311bccc86e2042a388e375de41


    Code Sign
