General
-
Target
gore.exe
-
Size
30.4MB
-
Sample
250107-n3rlxssjbm
-
MD5
d42a7dbb4ece7f31738a505d48b83521
-
SHA1
651e93a2f7ee36785fe114bd5bbafb45ee352506
-
SHA256
e78785e49b99038fada192edf79b610d0d3cce58daa58c4e07c75eba915a40d1
-
SHA512
5fce1fa9212c13af8ee254411b67d4257d9657f8c1081995eab17b3be9736aed63b5a79572130f0398096fb41b267de83bee05d236a4832f292be629e66d825e
-
SSDEEP
786432:46VdhW8ExLXm1NXzcY876LBBPeV8v0VEGmVARJ8rna:bV7WxlXmDE76BBShVdQAzMn
Malware Config
Targets
-
-
Target
gore.exe
-
Size
30.4MB
-
MD5
d42a7dbb4ece7f31738a505d48b83521
-
SHA1
651e93a2f7ee36785fe114bd5bbafb45ee352506
-
SHA256
e78785e49b99038fada192edf79b610d0d3cce58daa58c4e07c75eba915a40d1
-
SHA512
5fce1fa9212c13af8ee254411b67d4257d9657f8c1081995eab17b3be9736aed63b5a79572130f0398096fb41b267de83bee05d236a4832f292be629e66d825e
-
SSDEEP
786432:46VdhW8ExLXm1NXzcY876LBBPeV8v0VEGmVARJ8rna:bV7WxlXmDE76BBShVdQAzMn
Score8/10-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
-
-
Target
discord_token_grabber.pyc
-
Size
15KB
-
MD5
143e1ca54a6631128428c6bf7515cfd2
-
SHA1
b560459179c580bb22f5adc24f4b3b5851c4f1ad
-
SHA256
25cb908eb359f31428c9932d4f98df7f2ee647d3339ea9a7c86ad281b03d8c4f
-
SHA512
bc94451702fbe45339999569a1b5935ff2f1daebce10188305995364e047bc19582ba7077d4ab6ceb3cf1c5f21438c3b76416a2b45a0284fbd679c029bc51d35
-
SSDEEP
384:nGC7RYmnXavkLPJrltcshntQ5saa2holHVA:nGCuvkL9ltcsttQ5saaCgHVA
Score3/10 -
-
-
Target
get_cookies.pyc
-
Size
9KB
-
MD5
32bb8ed84a18f665d03dd5afbc7b65b0
-
SHA1
a2129ec6568e20c620429d884a13cd4671504a2b
-
SHA256
7d9fff7c91679c94728b83eeabc34f54201fc9ee6fa6806665b25007ce5b88a6
-
SHA512
399198dfac2fd7bdea480d93d836c2f194ae9c93d7ee7855537cac44bf7c6e463a8104f7f7380b9f075fdd67bb12027909ce2d3407b5423d2837a96c3c835bc2
-
SSDEEP
192:lNaBBeiNR9QfUF2x3NC79F21aG67+DAhN:lPiT2XtFcjKDAhN
Score3/10 -
-
-
Target
misc.pyc
-
Size
4KB
-
MD5
c42e089e863f6e8137098c45fceab40e
-
SHA1
6518578e7b5f2480492334238b84ad3be5b1380c
-
SHA256
62c5f58bfd4b9cee38e6b973ed8000eda063488096380acf6ab7264f8c1df76c
-
SHA512
9e8ccd4383728166faf22c3f10fd471388ef8084c5e000e9fe58241c6ef4b9abd23a29de032a69a332ff41c852fcf786941ccf4ddfac1b4cb28b6251ab4942f5
-
SSDEEP
96:XSMlhlvyznDweHPF8+VB7sHIZGQSWfvmyyZ1k9zhub:iolvyz8evq+VBXZGQlvmV1k5hub
Score3/10 -
-
-
Target
passwords_grabber.pyc
-
Size
7KB
-
MD5
d23a91aebc53fb0d013c182fc10a569e
-
SHA1
2fe4680de0ddafad84c4cf69d5427674ee2f49d9
-
SHA256
5fd25ed5ea1de4064160ee4559dfba63fe1e4b86fd631c388581ddebfc975b7d
-
SHA512
97c4aeb2d64469d6d469066bfa24135ad9351f79cbafe5f97ccdbc4e8d759684789f10efe08f50db0d33b8a923b0d9bb6c4ad6d49aadc938472781fd37ca0024
-
SSDEEP
192:A114qWLlhuUIxDPK2cMHJb+XUhitovgEuz:64qWLlMFyVMHAE/4
Score3/10 -
-
-
Target
protections.pyc
-
Size
1KB
-
MD5
3ff06736c594da8b1ede7e999ea1ed2c
-
SHA1
23e98e45c4e2f10630df70abf07531ce575d45e4
-
SHA256
2bb400ef8cab4859afe139b15cc85efdde055fe85a39ca89472353272bcb9016
-
SHA512
12ea8fe21db4df26915f08fd456da8309ee5e1d3c844da51e7beb995e7705fbf90d750c00032bbfe09c31b7ed20c7a41bea77af038fcc7dcf653990250ea24b3
Score3/10 -
-
-
Target
source_prepared.pyc
-
Size
200KB
-
MD5
a2b70d25a5e4654cdbd86cda379e41c0
-
SHA1
ba305018b3f84d0171fac77c45f80ed6ea3a7446
-
SHA256
025318963b1b551a8603aa74325d0601528e1e565ab324105f1e0a9b5eb44e14
-
SHA512
7ce50ae323f0030245c657564d9de4825410839162828908655c5a31f39b285741c5518e5ab756a571df148ea758c837bb0cc63134f0646fa6050a715ebcb567
-
SSDEEP
3072:wzuEpmV3TziHI/m15oU8qzXLMiLCIvdXzw8sC/R:wKEpmVde5o4LdL3sO
Score3/10 -