General
-
Target
Discord Tokken Grabber.exe
-
Size
98KB
-
Sample
220424-vgdaqshfh3
-
MD5
75c86f9a030999c57b68690c7a727862
-
SHA1
6b046349d789bf6679c465ccfb0d21402077616c
-
SHA256
7da38e7a350512181bf0bc5e737b6f40208428b72ad578ecfb9bf729af98f172
-
SHA512
9df16e44273a6ecc47deaac5d3c409d78188b9d0500dbe27d071312dcb834e9f54114dfae003214a7d81ccfd135e312be9e5e762b16d21c2da1bdc698eeeac16
Static task
static1
Behavioral task
behavioral1
Sample
Discord Tokken Grabber.exe
Resource
win10-20220414-en
Behavioral task
behavioral2
Sample
Discord Tokken Grabber.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
njrat
Hacked By HiDDen PerSOn
b238f740560279557e7f122983c7ba65
-
reg_key
b238f740560279557e7f122983c7ba65
Targets
Target
Discord Tokken Grabber.exe
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-