Overview

overview

10

Static

static

10

Pirat cheat.exe

windows10-2004-x64

9

Pirat cheat.exe

windows10-ltsc 2021-x64

9

discord_to...er.pyc

windows10-2004-x64

3

discord_to...er.pyc

windows10-ltsc 2021-x64

3

get_cookies.pyc

windows10-2004-x64

3

get_cookies.pyc

windows10-ltsc 2021-x64

3

misc.pyc

windows10-2004-x64

3

misc.pyc

windows10-ltsc 2021-x64

3

passwords_grabber.pyc

windows10-2004-x64

3

passwords_grabber.pyc

windows10-ltsc 2021-x64

3

source_prepared.pyc

windows10-2004-x64

3

source_prepared.pyc

windows10-ltsc 2021-x64

3

Resubmissions

22-01-2025 20:51

250122-zndmasvmgs 10

22-01-2025 19:56

250122-ynwmfatmek 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Pirat cheat.exe

  • Size

    103.9MB

  • Sample

    250122-ynwmfatmek

  • MD5

    b76305d6ef8c96a6a8beb10361fda7e1

  • SHA1

    12810daa04355d407d96fbf91ce31c2828b3c5a5

  • SHA256

    f0cd6f311d9d5d06463ecebf22e7e9efecfb1b12814589efc07e028368bb3eb2

  • SHA512

    9931ea876fe53a74e8363e12ef5bb5407ceab7c816e4ee76ab0c530192170e0de4884d4ac938a08401fb7fc2eaae07b2f8f7430b90d35f7e070ba2804222f385

  • SSDEEP

    3145728:Y3nzSCRrS6xjKcBanL2qHO5iVXfnGQbRe0zJcBUZ2:mzNZSWNaBHCid1XcB7

Score
10/10
pysilondefense_evasionexecutionpersistencepyinstaller

Malware Config

Targets

    • Target

      Pirat cheat.exe

    • Size

      103.9MB

    • MD5

      b76305d6ef8c96a6a8beb10361fda7e1

    • SHA1

      12810daa04355d407d96fbf91ce31c2828b3c5a5

    • SHA256

      f0cd6f311d9d5d06463ecebf22e7e9efecfb1b12814589efc07e028368bb3eb2

    • SHA512

      9931ea876fe53a74e8363e12ef5bb5407ceab7c816e4ee76ab0c530192170e0de4884d4ac938a08401fb7fc2eaae07b2f8f7430b90d35f7e070ba2804222f385

    • SSDEEP

      3145728:Y3nzSCRrS6xjKcBanL2qHO5iVXfnGQbRe0zJcBUZ2:mzNZSWNaBHCid1XcB7

    Score
    9/10
    defense_evasionexecutionpersistence

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      defense_evasion

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

    • Target

      discord_token_grabber.pyc

    • Size

      15KB

    • MD5

      aaaeca514d98795f954c1f2eebb18881

    • SHA1

      6331352aada5256452c43545bb6593958602a20c

    • SHA256

      a808291bd70bbd15bedd818ef25a1dbcfbf548330fd9ddf5244143ec3eb66cc6

    • SHA512

      ec9c019d0061103e1e1b3db7feb346136e5e4f447804f9586aacdd7da3c9b877bda1221735b08fc44586cd443b8909664a22bb90ce3a4230402357d35fe80883

    • SSDEEP

      384:nGC7RYmnXavkLPJrltcshntQ5Maa2holHVg:nGCuvkL9ltcsttQ5MaaCgHVg

    Score
    3/10
    behavioral3behavioral4

    • Target

      get_cookies.pyc

    • Size

      9KB

    • MD5

      b97f0689742bd69af8900cd3731c5294

    • SHA1

      28ccff4aa6009fc86d4561e5bc37ea2fb175a689

    • SHA256

      b080857887222e4c048bba2d7bb3ebc25cc26f31bb26f645fafc01de4e46a03c

    • SHA512

      9b2c471688fee5cb3d1112ec0d594f5c16371dbb6a1dd30668f64746f2073cea377ca6797928e67bfc933e03c52d819ec676f00a115ef3afa4eeb240daf71883

    • SSDEEP

      96:nlNatjbBMMKiNW8Zxh9ybA6HUWc4/xIgBZFLjH2K8BXFxUBvF/A7qx3MlMFztwX3:lNahBeiNR9QfUF2x3NC79F21aGaqDAht

    Score
    3/10
    behavioral5behavioral6

    • Target

      misc.pyc

    • Size

      4KB

    • MD5

      3eb4ff2a9be2d13ecb7343cf82865294

    • SHA1

      6f9d52b590a15de10dd4589ced7320734371b844

    • SHA256

      5697249c80354c3adbbb6ae7f2068bd5e0ab44ce08def7b1ef168508fb1fb2c4

    • SHA512

      776bc0e43593579b7a82bdf0ed77ba89803111b5651cf222c82a7245cd9a297560e3400dc9fcefbed56a91cde4f786f2d745e931102c4ac8750044f2f5072f63

    • SSDEEP

      96:XSMlhlvSzMPDweHPF8+VB7sHIZGQSWfvmyyZ1k9zBub:iolvSzM0evq+VBXZGQlvmV1k5Bub

    Score
    3/10
    behavioral7behavioral8

    • Target

      passwords_grabber.pyc

    • Size

      7KB

    • MD5

      e51a6ecd8527b9e758afb60513356e19

    • SHA1

      89feb7e8f793bef5dc22556196bb9b03387476fe

    • SHA256

      3c2a8cf8d20d10c27c1c389064abbcce9aab9d6afe5cac26a376ebedf551bece

    • SHA512

      acc505cea3eff572570b05418931b9be9339c0dd91922ce5ef470810bf861f2395535ccab883f470910bb4e0c9dae309382044568ae0a3aba2b9323ada1f784d

    • SSDEEP

      192:A114qWLlhuUIxDPK2cMHJb+XUhitovgEuT:64qWLlMFyVMHAE/Y

    Score
    3/10
    behavioral10behavioral9

    • Target

      source_prepared.pyc

    • Size

      172KB

    • MD5

      12f927e31a91be8da8baf38c39ac7733

    • SHA1

      070db9f6021a4f35b8f56233239b560d9695813f

    • SHA256

      e0e9fbdc06498be05aff8e6323200eed02f0f234072a185352583b7c1b82938c

    • SHA512

      0012e66861e90cb71b3b79660b250ab536806f17a779bc0f42676293f0dac66838d133b7238412917d81b5decf0a827cea841a678ed688f9c75c8a66c37eecc2

    • SSDEEP

      3072:jrt+e0aOO9Ek1OFLhodPZTerUScdQQV+GJIvdXzrBsTxw:jrge0aOO9EkwhoGj8SGuse

    Score
    3/10
    behavioral11behavioral12

MITRE ATT&CK Enterprise v15

Tasks