hxxps://cdn[.]discordapp[.]com/attachments/712667782461784096/817235146985177118/gen[.]exe | Triage

Submit
Reports

Overview

overview

8

Static

static

URLScan

urlscan

https://cdn.discorda...

windows10_x64

Sharing

General

Target

https://cdn.discordapp.com/attachments/712667782461784096/817235146985177118/gen.exe
Sample

210305-fzlyqqc23j

Score

8^/10

bootkit pyinstaller ransomware spyware

Static task

static1

URLScan task

urlscan1

Sample

https://cdn.discordapp.com/attachments/712667782461784096/817235146985177118/gen.exe

Behavioral task

behavioral1

Sample

https://cdn.discordapp.com/attachments/712667782461784096/817235146985177118/gen.exe

Resource

win10v20201028

bootkit pyinstaller ransomware spyware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  https://cdn.discordapp.com/attachments/712667782461784096/817235146985177118/gen.exe
Score

8^/10

bootkit pyinstaller ransomware spyware
- Executes dropped EXE
- Modifies WinLogon to allow AutoLogon
  Enables rebooting of the machine without requiring login credentials.
  ransomware bootkit
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

urlscan1

behavioral1

bootkitpyinstallerransomwarespyware

© 2018-2024

Terms | Privacy