Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
PupkinStealer.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\PupkinStealer.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\user-PC\DotNetZip-mly1wotf.tmp
|
Zip archive data, at least v2.0 to extract, compression method=store
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\user-PC\user@ardent.zip (copy)
|
Zip archive data, at least v2.0 to extract, compression method=store
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\user-PC\user\Grabbers\DesktopFiles\BPMLNOBVSB.pdf
|
ASCII text, with very long lines (1024), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\user-PC\user\Grabbers\DesktopFiles\CURQNKVOIX.pdf
|
ASCII text, with very long lines (1024), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\user-PC\user\Grabbers\DesktopFiles\FENIVHOIKN.jpg
|
ASCII text, with very long lines (1024), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\user-PC\user\Grabbers\DesktopFiles\JSDNGYCOWY.pdf
|
ASCII text, with very long lines (1024), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\user-PC\user\Grabbers\DesktopFiles\MXPXCVPDVN.png
|
ASCII text, with very long lines (1024), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\user-PC\user\Grabbers\DesktopFiles\NIKHQAIQAU.png
|
ASCII text, with very long lines (1024), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\user-PC\user\Grabbers\DesktopFiles\SFPUSAFIOL.jpg
|
ASCII text, with very long lines (1024), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\user-PC\user\Grabbers\DesktopFiles\VAMYDFPUND.jpg
|
ASCII text, with very long lines (1024), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\user-PC\user\Grabbers\DesktopFiles\VAMYDFPUND.pdf
|
ASCII text, with very long lines (1024), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\user-PC\user\Grabbers\DesktopFiles\WKXEWIOTXI.png
|
ASCII text, with very long lines (1024), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\user-PC\user\Grabbers\DesktopFiles\ZBEDCJPBEY.jpg
|
ASCII text, with very long lines (1024), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\user-PC\user\Grabbers\DesktopFiles\ZQIXMVQGAH.png
|
ASCII text, with very long lines (1024), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\user-PC\user\Grabbers\Screenshot\Screen.jpg
|
PNG image data, 1920 x 1080, 8-bit/color RGBA, non-interlaced
|
dropped
|
There are 7 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\PupkinStealer.exe
|
"C:\Users\user\Desktop\PupkinStealer.exe"
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://api.telegram.org
|
unknown
|
||
|
https://urn.to/r/sds_see23https://urn.to/r/sds_see1UInnerVerify
|
unknown
|
||
|
https://api.telegram.org/bot
|
unknown
|
||
|
https://api.telegram.org/bot-/sendDocument?chat_id=A&caption=W
|
unknown
|
||
|
https://www.newtonsoft.com/jsonschema
|
unknown
|
||
|
http://www.codeplex.com/DotNetZip
|
unknown
|
||
|
https://api.telegram.org/bot8013735771:AAE_UrTgQsAmiAsXeDN6mehD_fo3vEg-kCM/sendDocument
|
unknown
|
||
|
https://system.data.sqlite.org/X
|
unknown
|
||
|
https://www.newtonsoft.com/json
|
unknown
|
||
|
https://www.nuget.org/packages/Newtonsoft.Json.Bson
|
unknown
|
||
|
https://urn.to/r/sds_see12https://urn.to/r/sds_see2
|
unknown
|
||
|
http://api.telegram.org
|
unknown
|
||
|
https://api.telegram.org/bot8013735771:AAE_UrTgQsAmiAsXeDN6mehD_fo3vEg-kCM/sendDocument?chat_id=7613
|
unknown
|
||
|
https://system.data.sqlite.org/
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://james.newtonking.com/projects/json
|
unknown
|
||
|
https://github.com/JamesNK/Newtonsoft.Json
|
unknown
|
There are 7 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
api.telegram.org
|
149.154.167.220
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
149.154.167.220
|
api.telegram.org
|
United Kingdom
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PupkinStealer_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PupkinStealer_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PupkinStealer_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PupkinStealer_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PupkinStealer_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PupkinStealer_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PupkinStealer_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PupkinStealer_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PupkinStealer_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PupkinStealer_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PupkinStealer_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PupkinStealer_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PupkinStealer_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PupkinStealer_RASMANCS
|
FileDirectory
|
There are 4 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
270C9D7D000
|
trusted library allocation
|
page read and write
|
|
|
|
270C9C61000
|
trusted library allocation
|
page read and write
|
|
|
|
270C9D81000
|
trusted library allocation
|
page read and write
|
|
|
|
270C9D4C000
|
trusted library allocation
|
page read and write
|
|
|
|
270E24CB000
|
heap
|
page read and write
|
|
|
|
270C9D2E000
|
trusted library allocation
|
page read and write
|
|
|
|
270C9D1A000
|
trusted library allocation
|
page read and write
|
|
|
|
270C7902000
|
unkown
|
page readonly
|
|
|
|
CC9E9FC000
|
stack
|
page read and write
|
||
|
CC9E2FE000
|
stack
|
page read and write
|
||
|
7FF88B690000
|
trusted library allocation
|
page read and write
|
||
|
7FF88B3CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
270E2700000
|
heap
|
page read and write
|
||
|
270CA163000
|
trusted library allocation
|
page read and write
|
||
|
7FF88B540000
|
trusted library allocation
|
page read and write
|
||
|
CC9DDFE000
|
stack
|
page read and write
|
||
|
270C9E77000
|
trusted library allocation
|
page read and write
|
||
|
270E2759000
|
heap
|
page read and write
|
||
|
270C81C6000
|
heap
|
page read and write
|
||
|
7FF88B3A0000
|
trusted library allocation
|
page read and write
|
||
|
270E2710000
|
heap
|
page read and write
|
||
|
270C9E9E000
|
trusted library allocation
|
page read and write
|
||
|
270CA0C1000
|
trusted library allocation
|
page read and write
|
||
|
270C8113000
|
heap
|
page read and write
|
||
|
270C84B5000
|
heap
|
page read and write
|
||
|
270E2724000
|
heap
|
page read and write
|
||
|
7FF88B5F0000
|
trusted library allocation
|
page read and write
|
||
|
7FF88B3FC000
|
trusted library allocation
|
page execute and read and write
|
||
|
270C7900000
|
unkown
|
page readonly
|
||
|
270C8270000
|
heap
|
page execute and read and write
|
||
|
7FF88B3C4000
|
trusted library allocation
|
page read and write
|
||
|
270CA05F000
|
trusted library allocation
|
page read and write
|
||
|
7FF41E310000
|
trusted library allocation
|
page execute and read and write
|
||
|
270C813D000
|
heap
|
page read and write
|
||
|
7FF88B640000
|
trusted library allocation
|
page read and write
|
||
|
270E2757000
|
heap
|
page read and write
|
||
|
270CA027000
|
trusted library allocation
|
page read and write
|
||
|
7FF88B5E0000
|
trusted library allocation
|
page read and write
|
||
|
270C9D6F000
|
trusted library allocation
|
page read and write
|
||
|
7FF88B6A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
270CA14E000
|
trusted library allocation
|
page read and write
|
||
|
270E27A7000
|
heap
|
page read and write
|
||
|
270D9E98000
|
trusted library allocation
|
page read and write
|
||
|
270CA236000
|
trusted library allocation
|
page read and write
|
||
|
7FF88B730000
|
trusted library allocation
|
page read and write
|
||
|
CC9ECFE000
|
stack
|
page read and write
|
||
|
270C9D27000
|
trusted library allocation
|
page read and write
|
||
|
7FF88B566000
|
trusted library allocation
|
page read and write
|
||
|
270CA195000
|
trusted library allocation
|
page read and write
|
||
|
270E24C0000
|
heap
|
page read and write
|
||
|
270C7F38000
|
unkown
|
page readonly
|
||
|
270D9C6F000
|
trusted library allocation
|
page read and write
|
||
|
7FF88B460000
|
trusted library allocation
|
page execute and read and write
|
||
|
270D9C61000
|
trusted library allocation
|
page read and write
|
||
|
270E1FEB000
|
heap
|
page read and write
|
||
|
7FF88B750000
|
trusted library allocation
|
page read and write
|
||
|
270C9F9C000
|
trusted library allocation
|
page read and write
|
||
|
270C81C0000
|
heap
|
page read and write
|
||
|
270C9F02000
|
trusted library allocation
|
page read and write
|
||
|
270CA088000
|
trusted library allocation
|
page read and write
|
||
|
7FF88B3A4000
|
trusted library allocation
|
page read and write
|
||
|
7FF88B600000
|
trusted library allocation
|
page read and write
|
||
|
270C9FFE000
|
trusted library allocation
|
page read and write
|
||
|
270C9FC6000
|
trusted library allocation
|
page read and write
|
||
|
270CA025000
|
trusted library allocation
|
page read and write
|
||
|
270C80D6000
|
heap
|
page read and write
|
||
|
7FF88B6B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
270C7FC0000
|
heap
|
page read and write
|
||
|
7FF88B560000
|
trusted library allocation
|
page read and write
|
||
|
CC9E8F5000
|
stack
|
page read and write
|
||
|
270E2430000
|
heap
|
page read and write
|
||
|
270C80D0000
|
heap
|
page read and write
|
||
|
270CA1B0000
|
trusted library allocation
|
page read and write
|
||
|
CC9E4FE000
|
stack
|
page read and write
|
||
|
7FF88B570000
|
trusted library allocation
|
page read and write
|
||
|
270C813B000
|
heap
|
page read and write
|
||
|
7FF88B5B0000
|
trusted library allocation
|
page read and write
|
||
|
7FF88B630000
|
trusted library allocation
|
page read and write
|
||
|
7FF88B3B0000
|
trusted library allocation
|
page read and write
|
||
|
270E249C000
|
heap
|
page read and write
|
||
|
270C8143000
|
heap
|
page read and write
|
||
|
270E2530000
|
trusted library section
|
page read and write
|
||
|
270C81F0000
|
heap
|
page read and write
|
||
|
7FF88B3AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
270C80FB000
|
heap
|
page read and write
|
||
|
CC9E0FE000
|
stack
|
page read and write
|
||
|
270C8305000
|
heap
|
page read and write
|
||
|
7FF88B770000
|
trusted library allocation
|
page execute and read and write
|
||
|
270C8250000
|
trusted library allocation
|
page read and write
|
||
|
270C9E3F000
|
trusted library allocation
|
page read and write
|
||
|
CC9EEFD000
|
stack
|
page read and write
|
||
|
270C9DE0000
|
trusted library allocation
|
page read and write
|
||
|
270C9C10000
|
heap
|
page read and write
|
||
|
270E3C0B000
|
heap
|
page read and write
|
||
|
7FF88B580000
|
trusted library allocation
|
page read and write
|
||
|
CC9F0FE000
|
stack
|
page read and write
|
||
|
7FF88B486000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF88B620000
|
trusted library allocation
|
page read and write
|
||
|
270C9EA0000
|
trusted library allocation
|
page read and write
|
||
|
270C9E42000
|
trusted library allocation
|
page read and write
|
||
|
7FF88B5D0000
|
trusted library allocation
|
page read and write
|
||
|
CC9EDFE000
|
stack
|
page read and write
|
||
|
270CA02A000
|
trusted library allocation
|
page read and write
|
||
|
7FF88B456000
|
trusted library allocation
|
page read and write
|
||
|
270C84B0000
|
heap
|
page read and write
|
||
|
270C9C50000
|
heap
|
page read and write
|
||
|
270C8111000
|
heap
|
page read and write
|
||
|
7FF88B680000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF88B5A0000
|
trusted library allocation
|
page read and write
|
||
|
CC9DCF2000
|
stack
|
page read and write
|
||
|
270CA0ED000
|
trusted library allocation
|
page read and write
|
||
|
7FF88B760000
|
trusted library allocation
|
page read and write
|
||
|
270C8300000
|
heap
|
page read and write
|
||
|
7FF88B597000
|
trusted library allocation
|
page read and write
|
||
|
270C8230000
|
trusted library allocation
|
page read and write
|
||
|
270C9F00000
|
trusted library allocation
|
page read and write
|
||
|
270CA1D5000
|
trusted library allocation
|
page read and write
|
||
|
270C9F3B000
|
trusted library allocation
|
page read and write
|
||
|
CC9EBFD000
|
stack
|
page read and write
|
||
|
7FF88B450000
|
trusted library allocation
|
page read and write
|
||
|
270C9F62000
|
trusted library allocation
|
page read and write
|
||
|
CC9E6FB000
|
stack
|
page read and write
|
||
|
270C9DB4000
|
trusted library allocation
|
page read and write
|
||
|
270C9E16000
|
trusted library allocation
|
page read and write
|
||
|
270E2752000
|
heap
|
page read and write
|
||
|
270D9EA6000
|
trusted library allocation
|
page read and write
|
||
|
7FF88B55D000
|
trusted library allocation
|
page read and write
|
||
|
270C9D95000
|
trusted library allocation
|
page read and write
|
||
|
270E24DF000
|
heap
|
page read and write
|
||
|
7FF88B3A3000
|
trusted library allocation
|
page execute and read and write
|
||
|
270E2910000
|
trusted library section
|
page read and write
|
||
|
270E1C90000
|
trusted library allocation
|
page read and write
|
||
|
7FF88B3BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF88B590000
|
trusted library allocation
|
page read and write
|
||
|
270CA173000
|
trusted library allocation
|
page read and write
|
||
|
CC9EFFD000
|
stack
|
page read and write
|
||
|
270C9EA2000
|
trusted library allocation
|
page read and write
|
||
|
270C7900000
|
unkown
|
page readonly
|
||
|
270C9F67000
|
trusted library allocation
|
page read and write
|
||
|
270E36F0000
|
trusted library section
|
page read and write
|
||
|
270C9D93000
|
trusted library allocation
|
page read and write
|
||
|
270C80DC000
|
heap
|
page read and write
|
||
|
270C82A0000
|
trusted library allocation
|
page read and write
|
||
|
CC9E5F0000
|
stack
|
page read and write
|
||
|
270C9FC3000
|
trusted library allocation
|
page read and write
|
||
|
270C80A0000
|
heap
|
page read and write
|
||
|
270CA2FA000
|
trusted library allocation
|
page read and write
|
||
|
270D9CCD000
|
trusted library allocation
|
page read and write
|
||
|
7FF88B740000
|
trusted library allocation
|
page read and write
|
||
|
270E24CD000
|
heap
|
page read and write
|
||
|
7FF88B63E000
|
trusted library allocation
|
page read and write
|
||
|
270C9D91000
|
trusted library allocation
|
page read and write
|
||
|
7FF88B3C0000
|
trusted library allocation
|
page read and write
|
||
|
7FF88B5C0000
|
trusted library allocation
|
page read and write
|
||
|
CC9E1F9000
|
stack
|
page read and write
|
||
|
270C9ED9000
|
trusted library allocation
|
page read and write
|
||
|
7FF88B670000
|
trusted library allocation
|
page read and write
|
||
|
CC9DEFE000
|
stack
|
page read and write
|
||
|
270CA185000
|
trusted library allocation
|
page read and write
|
||
|
7FF88B594000
|
trusted library allocation
|
page read and write
|
||
|
CC9E7FA000
|
stack
|
page read and write
|
||
|
7FF88B617000
|
trusted library allocation
|
page read and write
|
||
|
CC9DFFE000
|
stack
|
page read and write
|
||
|
270E3C01000
|
heap
|
page read and write
|
||
|
7FF88B550000
|
trusted library allocation
|
page read and write
|
||
|
270E2477000
|
heap
|
page read and write
|
||
|
7FF88B5F4000
|
trusted library allocation
|
page read and write
|
||
|
270C84BC000
|
heap
|
page read and write
|
||
|
7FF88B660000
|
trusted library allocation
|
page read and write
|
||
|
270C9DDB000
|
trusted library allocation
|
page read and write
|
||
|
7FF88B3B2000
|
trusted library allocation
|
page read and write
|
||
|
270E3BF0000
|
heap
|
page read and write
|
||
|
7FF88B45C000
|
trusted library allocation
|
page execute and read and write
|
||
|
270CA123000
|
trusted library allocation
|
page read and write
|
||
|
CC9E3FE000
|
stack
|
page read and write
|
||
|
7FF88B610000
|
trusted library allocation
|
page read and write
|
||
|
270C9D68000
|
trusted library allocation
|
page read and write
|
||
|
270E24C9000
|
heap
|
page read and write
|
||
|
7FF88B650000
|
trusted library allocation
|
page execute and read and write
|
||
|
270C9BB0000
|
heap
|
page execute and read and write
|
||
|
270C81D0000
|
heap
|
page read and write
|
||
|
270CA298000
|
trusted library allocation
|
page read and write
|
||
|
7FF88B3CB000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF88B4C0000
|
trusted library allocation
|
page execute and read and write
|
There are 174 hidden memdumps, click here to show them.