Python Malware Starting to Employ Anti-Debug Techniques
Common Information
UUID: 64f198b7-9c40-4c78-bde3-557ff99c8e54
Fingerprint: ad24192dadb5a791
Analysis status: DONE
Considered CTI value: 0
Text language:
Published: Dec. 13, 2022, 5:09 p.m.
Added to db: Jan. 16, 2023, 3:49 p.m.
Last updated: Nov. 17, 2024, 10:43 p.m.
Headline: PyPI malware creators are starting to employ Anti-Debug techniques
Title: Python Malware Starting to Employ Anti-Debug Techniques
Detected hints/tags/attributes: 45/2/34
Attributes
Type | Value | #Events
Domain | setup.py | 138
Domain | install.run | 4
Domain | cdn.discordapp.com | 112
Domain | main.py | 88
Domain | psutil.py | 1
Domain | raw.githubusercontent.com | 291
Domain | proc.name | 37
File | setup.py | 127
File | cleaner.exe | 8
File | os.sys | 124
File | main.py | 76
File | python.exe | 65
File | psutil.py | 1
File | injection.js | 4
File | index.js | 174
File | vmwareservice.exe | 13
File | vmwaretray.exe | 28
File | idau64.exe | 1
File | x64dbg.exe | 23
File | windbg.exe | 35
File | devenv.exe | 13
File | processhacker.exe | 56
File | httpdebuggerui.exe | 2
File | wireshark.exe | 71
File | fiddler.exe | 24
File | regedit.exe | 79
File | vmguestlib.dll | 4
File | vboxmrxnp.dll | 6
Github username | syntheticc | 1
Url | https://cdn.discordapp.com/attachments/1037723441480089600/1039359352957587516/cleaner.exe | 1
Url | https://raw.githubusercontent.com/syntheticc/injection1/main/injection.js | 1
Url | https://discord.com/api/webhooks/1039353898445582376/cvrsu8cslmiyznyxmpkjbkney_o0yjg08x5r_a7mpdgooqqualpinn1yfd5cuj11dm7h | 1
Windows Registry Key | HKEY_LOCAL_MACHINE\SYSTEM | 22
Windows Registry Key | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class | 4

Note on the extraction: the Domain rows setup.py, install.run, main.py, psutil.py and proc.name (and os.sys under File) are Python file names and dotted attribute names that the automatic extractor has classified as domains; only cdn.discordapp.com and raw.githubusercontent.com are network indicators and should be the ones fed to blocklists or hunting queries.
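Read together, the indicators above describe one evasion routine: a setup.py install hook that walks the process list with psutil, compares each proc.name() against a blocklist of debuggers, sniffers and VM tooling (x64dbg.exe, wireshark.exe, vmwaretray.exe and so on), probes for VM guest libraries and registry keys, and only then fetches its second stage from cdn.discordapp.com. The script below is an added example for this page, not code from the referenced report or from the malicious packages: it turns the indicator strings from the table into sets and flags a setup.py whose AST shows that pattern, without executing the file. The two embedded setup.py sources are constructed for the demonstration and are not real packages.

```python
import ast
from urllib.parse import urlparse

# Indicator strings from the table above, grouped by what the malware uses them for.
ANALYSIS_PROCESSES = {  # debuggers, sniffers, VM tooling: presence means "being analysed"
    "x64dbg.exe", "windbg.exe", "idau64.exe", "devenv.exe", "processhacker.exe",
    "httpdebuggerui.exe", "wireshark.exe", "fiddler.exe", "regedit.exe",
    "vmwareservice.exe", "vmwaretray.exe",
}
VM_LIBRARIES = {"vmguestlib.dll", "vboxmrxnp.dll"}       # guest-integration DLLs
STAGING_HOSTS = {"cdn.discordapp.com", "raw.githubusercontent.com", "discord.com"}
REGISTRY_PREFIX = "HKEY_LOCAL_MACHINE\\SYSTEM"           # VM/driver-class lookups


def _dotted_name(node):
    """'pkg.attr.attr' for a Name/Attribute chain, None for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def scan_setup_py(source):
    """Collect evasion indicators from a setup.py by walking its AST (never executing it)."""
    tree = ast.parse(source)
    found = {"analysis_processes": set(), "vm_libraries": set(), "staging_hosts": set(),
             "registry_keys": set(), "process_enumeration": False, "install_hook": False}
    for node in ast.walk(tree):
        if isinstance(node, ast.Constant) and isinstance(node.value, str):
            text, low = node.value, node.value.lower()
            if low in ANALYSIS_PROCESSES:
                found["analysis_processes"].add(low)
            if low in VM_LIBRARIES:
                found["vm_libraries"].add(low)
            if low.startswith(("http://", "https://")) and urlparse(text).hostname in STAGING_HOSTS:
                found["staging_hosts"].add(urlparse(text).hostname)
            if text.upper().startswith(REGISTRY_PREFIX):
                found["registry_keys"].add(text)
        elif isinstance(node, ast.Call):
            # psutil.process_iter()/pids() is how setup.py gets at proc.name() for the sweep
            if _dotted_name(node.func) in ("psutil.process_iter", "psutil.pids"):
                found["process_enumeration"] = True
        elif isinstance(node, ast.ClassDef):
            # Subclassing setuptools' install command runs the code at `pip install` time
            if {_dotted_name(b) for b in node.bases} & {"install", "setuptools.command.install.install"}:
                found["install_hook"] = True
    result = {k: (sorted(v) if isinstance(v, set) else v) for k, v in found.items()}
    # Verdict: a process sweep against several analysis tools, an install hook that
    # names a staging host, or any VM-library probe is enough to pull the package for review.
    result["suspicious"] = bool(
        (result["process_enumeration"] and len(result["analysis_processes"]) >= 3)
        or (result["install_hook"] and result["staging_hosts"])
        or result["vm_libraries"]
    )
    return result


# Constructed samples for the demonstration (not real packages): an ordinary setup.py
# and one that mirrors the pattern described by the indicators above.
BENIGN_SETUP = '''
from setuptools import setup
setup(name="example-pkg", version="0.1.0", packages=["example_pkg"])
'''

EVASIVE_SETUP = r'''
import os
import psutil
from setuptools import setup
from setuptools.command.install import install

BLOCKLIST = ["x64dbg.exe", "windbg.exe", "wireshark.exe", "fiddler.exe",
             "processhacker.exe", "vmwaretray.exe"]
VM_KEY = "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Class"
STAGE2 = "https://cdn.discordapp.com/attachments/example/cleaner.exe"

class PostInstall(install):
    def run(self):
        for proc in psutil.process_iter():
            if proc.name().lower() in BLOCKLIST:
                os._exit(0)   # an analyst tool is running: leave quietly
        install.run(self)     # stage two would be fetched from STAGE2 here

setup(name="example-pkg", version="0.1.0", cmdclass={"install": PostInstall})
'''

if __name__ == "__main__":
    for label, src in (("benign", BENIGN_SETUP), ("evasive", EVASIVE_SETUP)):
        print(label, scan_setup_py(src))
```

The scan is deliberately static: the whole point of the blocklist is that the code behaves differently when it notices a debugger or a VM, so executing the package in a sandbox and watching it is the one thing this sample is designed to survive. Process-name matching is the weakest of the checks (a renamed x64dbg.exe defeats it), which is also why string constants in a setup.py that happen to spell debugger binaries are such a cheap and reliable thing to alert on.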