Overview

overview

10

Static

static

10

Lowkey/Low...er.exe

windows10-2004-x64

9

discord_to...er.pyc

windows10-2004-x64

3

passwords_grabber.pyc

windows10-2004-x64

3

Resubmissions

04-07-2024 00:14

240704-aja8yatdpj 10

04-07-2024 00:13

240704-ahtc5atdmp 10

04-07-2024 00:12

240704-ag9cysvgma 10

04-07-2024 00:05

240704-adjywstbnr 10

03-07-2024 23:40

240703-3n1cvascrn 10

03-07-2024 23:38

240703-3mqr1stere 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Lowkey_Spoofer.zip

  • Size

    76.1MB

  • Sample

    240703-3mqr1stere

  • MD5

    bb6d1b58759c525c8c1b90e264822567

  • SHA1

    0c10c727d374ca503831b9ad0c02009a6e5e90fc

  • SHA256

    2df3a1bea4ba0d40486ec28fa567386959e9e7cb5ac99743ff836826525d978d

  • SHA512

    206f6056fe91d499e2dc362ffdbfa39fa27ce1f99494924755eaaae484de4586fd4325b4cb334293fabe9674e2aa7ad0b78c6e6579a177a87bb8996d5d0cc15a

  • SSDEEP

    1572864:djoa0vjkOGIT03tYThbOg7sSk1r3r+G7YHgY0DEjNED6enYCFPmaPdgFz6n:djx0LkOHY9OicsDSdgZEyYYxMz6n

Score
10/10
pysilonevasionexecutionpersistencepyinstallerupx

Malware Config

Targets

    • Target

      Lowkey/Lowkey/LowkeySpoofer.exe

    • Size

      76.4MB

    • MD5

      78b5e26ec72b1a7316cc974d69a290f6

    • SHA1

      225e444bce01d3d15e58a701e99401881ae81d59

    • SHA256

      b35c62a207c2c7c1f6c1c4734bc83153d5b6f1d89c2d5c5952e8a650be5ba21a

    • SHA512

      3fe8a0b821f3fc9cf91656b8d6d720fd18616a63ae64f3f452bb90455162008501c42185666e8177979189f2163ad3f37ffde4f136763079de0d692f31fbd19b

    • SSDEEP

      1572864:rviEKl7Sk8IpG7V+VPhqYdfME7FFlHFziYweyJulZUdgAdW4sjtusla/Z9U:rvZK5SkB05awcfhdCpukdRQAX9U

    Score
    9/10
    evasionexecutionpersistenceupx

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1

    • Target

      discord_token_grabber.pyc

    • Size

      15KB

    • MD5

      990bb1210323b8968b180576cf8114d6

    • SHA1

      a4e11d7cdeb37fb32d768085263ff9fd4e51ac0b

    • SHA256

      b4a60b0e4f82707a8c5fb7f3fc0cc78576c7b45217617185ab34a90e2e052208

    • SHA512

      43d1e9db58d160b15d6daf5677f2f63ed8f3fa494a886bf07d229829ffc84af17f9c81f61bdbf23dfa54a1bebafa7e562f805848b64de08bc8cf83fe98a2188a

    • SSDEEP

      384:YGC7RYmnXavkxzG7WltcrhntQ5saa2h12VA:YGCuvk8WltcrttQ5saaCsVA

    Score
    3/10
    behavioral2

    • Target

      passwords_grabber.pyc

    • Size

      7KB

    • MD5

      bbb6ab7b8230cca0ac46532a612143d0

    • SHA1

      4bf5ebb19c5807cfb4b48191ec65b329d67763cd

    • SHA256

      8655f8885fa28c9633563e0264e65206eae277fb020f85a836be27f0fc3d7ec4

    • SHA512

      21353818de5a2e192bcdb38e0765b675258ae733eb634c1b01fbf53dc22946b0eee127c975be7a63d20a8db2b87521fe0ed85f2ec09dcc2f3adf5a7fea0b180e

    • SSDEEP

      192:h114qWLfhuUIxzOK2cxDJb+XUhetovxEPz:V4qWLfMtzVxDAEW7

    Score
    3/10
    behavioral3

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Hide Artifacts

2
T1564

Hidden Files and Directories

2
T1564.001

Modify Registry

1
T1112

Credential Access

Discovery

File and Directory Discovery

1
T1083

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Resource Development

Reconnaissance

Tasks