General
-
Target
CustomInstaller.exe
-
Size
83.8MB
-
Sample
250215-j6lgvsxpcx
-
MD5
49b2e24abcc528566578ee1992fe5747
-
SHA1
4ec4640050759eaa2bd3e0cbd41dda7bf2f3b66f
-
SHA256
aab961d756207c8a2d47d749e35f118c81e41cb5f9b101cc0f07861f1d5ebf76
-
SHA512
8f3134f9f0045da1a3ffce45ad9e49265e2af504a6a90467327de915bb5824bbf0d8be2c56bab5854081c24a58807671ad838ae24112c0602d0e7e470219e630
-
SSDEEP
1572864:pVjlGWsFm7OkiqOv8im2AqlE7xlhpqfiYweyJulZUdg14EKd72:7IVFm7OknOv8i3diLNpuB4NZ2
Malware Config
Targets
-
-
Target
CustomInstaller.exe
-
Size
83.8MB
-
MD5
49b2e24abcc528566578ee1992fe5747
-
SHA1
4ec4640050759eaa2bd3e0cbd41dda7bf2f3b66f
-
SHA256
aab961d756207c8a2d47d749e35f118c81e41cb5f9b101cc0f07861f1d5ebf76
-
SHA512
8f3134f9f0045da1a3ffce45ad9e49265e2af504a6a90467327de915bb5824bbf0d8be2c56bab5854081c24a58807671ad838ae24112c0602d0e7e470219e630
-
SSDEEP
1572864:pVjlGWsFm7OkiqOv8im2AqlE7xlhpqfiYweyJulZUdg14EKd72:7IVFm7OknOv8i3diLNpuB4NZ2
Score9/10-
Enumerates VirtualBox DLL files
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Downloads MZ/PE file
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
-
-
Target
discord_token_grabber.pyc
-
Size
15KB
-
MD5
aaaeca514d98795f954c1f2eebb18881
-
SHA1
6331352aada5256452c43545bb6593958602a20c
-
SHA256
a808291bd70bbd15bedd818ef25a1dbcfbf548330fd9ddf5244143ec3eb66cc6
-
SHA512
ec9c019d0061103e1e1b3db7feb346136e5e4f447804f9586aacdd7da3c9b877bda1221735b08fc44586cd443b8909664a22bb90ce3a4230402357d35fe80883
-
SSDEEP
384:nGC7RYmnXavkLPJrltcshntQ5Maa2holHVg:nGCuvkL9ltcsttQ5MaaCgHVg
Score3/10 -
-
-
Target
get_cookies.pyc
-
Size
9KB
-
MD5
b97f0689742bd69af8900cd3731c5294
-
SHA1
28ccff4aa6009fc86d4561e5bc37ea2fb175a689
-
SHA256
b080857887222e4c048bba2d7bb3ebc25cc26f31bb26f645fafc01de4e46a03c
-
SHA512
9b2c471688fee5cb3d1112ec0d594f5c16371dbb6a1dd30668f64746f2073cea377ca6797928e67bfc933e03c52d819ec676f00a115ef3afa4eeb240daf71883
-
SSDEEP
96:nlNatjbBMMKiNW8Zxh9ybA6HUWc4/xIgBZFLjH2K8BXFxUBvF/A7qx3MlMFztwX3:lNahBeiNR9QfUF2x3NC79F21aGaqDAht
Score8/10-
Downloads MZ/PE file
-
-
-
Target
misc.pyc
-
Size
4KB
-
MD5
3eb4ff2a9be2d13ecb7343cf82865294
-
SHA1
6f9d52b590a15de10dd4589ced7320734371b844
-
SHA256
5697249c80354c3adbbb6ae7f2068bd5e0ab44ce08def7b1ef168508fb1fb2c4
-
SHA512
776bc0e43593579b7a82bdf0ed77ba89803111b5651cf222c82a7245cd9a297560e3400dc9fcefbed56a91cde4f786f2d745e931102c4ac8750044f2f5072f63
-
SSDEEP
96:XSMlhlvSzMPDweHPF8+VB7sHIZGQSWfvmyyZ1k9zBub:iolvSzM0evq+VBXZGQlvmV1k5Bub
Score8/10-
Downloads MZ/PE file
-
-
-
Target
passwords_grabber.pyc
-
Size
7KB
-
MD5
e51a6ecd8527b9e758afb60513356e19
-
SHA1
89feb7e8f793bef5dc22556196bb9b03387476fe
-
SHA256
3c2a8cf8d20d10c27c1c389064abbcce9aab9d6afe5cac26a376ebedf551bece
-
SHA512
acc505cea3eff572570b05418931b9be9339c0dd91922ce5ef470810bf861f2395535ccab883f470910bb4e0c9dae309382044568ae0a3aba2b9323ada1f784d
-
SSDEEP
192:A114qWLlhuUIxDPK2cMHJb+XUhitovgEuT:64qWLlMFyVMHAE/Y
Score8/10-
Downloads MZ/PE file
-
-
-
Target
source_prepared.pyc
-
Size
172KB
-
MD5
e357b6371cb5eee6824d5bbebd31ab6e
-
SHA1
032bd34856f26d5d40f5fa4fcda9424ab28b2bd8
-
SHA256
4bc2f4c24be014daebba3e8df559a40986dac5edb0049b3266542623d14e67ac
-
SHA512
a2944ad1e33f6aeee1b036e08b84e0956d082b687f4e8797aa7bb6c12950a30e9d708807c12cc8204d9c8bf2f559778a3c1dc98bacf0ccc07e7219c5c4d019a2
-
SSDEEP
3072:jr4AC0aOO2LG1VUT/ovPZTerUScdQQV+C/iIvdXzpusTxw:jrFC0aOO2LGM/o0j8SCsse
Score8/10-
Downloads MZ/PE file
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Modify Registry
1Virtualization/Sandbox Evasion
1