Overview

overview

10

Static

static

10

AIO.exe

windows7-x64

7

AIO.exe

windows10-2004-x64

8

�b$�i��.pyc

windows7-x64

�b$�i��.pyc

windows10-2004-x64

Resubmissions

18-01-2025 10:50

250118-mw82yssjhl 10

18-01-2025 10:48

250118-mwmhys1lgt 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    AIO.exe

  • Size

    7.6MB

  • Sample

    250118-mwmhys1lgt

  • MD5

    0d49bc0688632e3baafc053f81fae52c

  • SHA1

    5c46d123ed6a5b30bf29f9003e4a2bfcaafe7b51

  • SHA256

    785ec7bfd5410ec975a10bf335557354686c4d3de26aedabefc0913f4ba1b76f

  • SHA512

    97163263b09a90f4e88295dd59f3fb15693b76d97dbe8e3fa7deae231236b46d9824c3276cde3ca281aeab52176b5dd2f8e31c22057edf406c54e258cb5cdece

  • SSDEEP

    196608:7HV1Fc6ZB6ylnlPzf+JiJCsmFMveOn6hqgdhI:NcSBRlnlPSa7mmveOpgdhI

Score
10/10
blankgrabberdiscoveryexecutionspywarestealerupx

Malware Config

Targets

    • Target

      AIO.exe

    • Size

      7.6MB

    • MD5

      0d49bc0688632e3baafc053f81fae52c

    • SHA1

      5c46d123ed6a5b30bf29f9003e4a2bfcaafe7b51

    • SHA256

      785ec7bfd5410ec975a10bf335557354686c4d3de26aedabefc0913f4ba1b76f

    • SHA512

      97163263b09a90f4e88295dd59f3fb15693b76d97dbe8e3fa7deae231236b46d9824c3276cde3ca281aeab52176b5dd2f8e31c22057edf406c54e258cb5cdece

    • SSDEEP

      196608:7HV1Fc6ZB6ylnlPzf+JiJCsmFMveOn6hqgdhI:NcSBRlnlPSa7mmveOpgdhI

    Score
    8/10
    upxdiscoveryexecutionspywarestealer

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

      discovery

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

    • Target

      �b$�i��.pyc

    • Size

      1KB

    • MD5

      88b98453e34aaa9acf514b42026ee46c

    • SHA1

      91c8146efc2a93ba01c6797442e6e1347fd9e153

    • SHA256

      95ca7cb5481be571c5b24fb4a4412d1a063d2abfe56f785873f3473ad2ed36f8

    • SHA512

      2535d2965cb5ee104006528da779f4834a3c6f855008b5ed7eeda1295b3ea6a6b248398806667a6bb35914d9f5f71dfbb583f3513314ecd45a984c183263afcc

    Score
    1/10
    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks