General

Target: discord logger.exe
Size: 22.5MB
Sample: 220829-e4w4csbden
MD5: 5f0555a10263f383467a920d22febeed
SHA1: 0e4b694afc583d51148fe1368516b4345eeb816a
SHA256: be3d815c8d513afdf55476fe42678549fdc65ea00a77fc8c7ba7c18b374d9723
SHA512: b1703db887aaaae3578de96d3de0a6510e071495c0266c88e464a9dd4248f60884b1a6eb92d3a7b6b81265fc1447096a04fd075b8fe2d1f5fcd463c7ddb588a3
SSDEEP: 393216:9S6mhw3e/m3pfCTnxtX1JFT9NvKL0oBKcRabopyznWR/eBX:9SdhdKitXPFJhKL1RiopyzD
Behavioral tasks

behavioral1: discord logger.exe, resource win7-20220812-en
behavioral2: discord logger.exe, resource win10-20220812-en
behavioral3: discord logger.exe, resource win10v2004-20220812-en
Malware Config

Extracted family: bitrat
Version: 1.38
C2: Cluluvsu-34807.portmap.host:34807
communication_password: e10adc3949ba59abbe56e057f20f883e (an MD5 digest; it is MD5("123456"), so the operator chose a trivially guessable password)
install_dir: sdudir
install_file: sudir
tor_process: tor
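The extracted configuration above, turned into indicators an analyst can act on. This is an added example, not code from the report or from the sandbox vendor: it splits the C2 host and port, flags the portmap.host forwarding service, joins install_dir and install_file as given (without assuming which base directory the implant uses), and checks the MD5 communication_password against a small wordlist that is constructed here for illustration.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Iterable, List, Optional, Tuple

# Extracted BitRAT config, copied from the report above.
RAW_CONFIG = {
    "family": "bitrat",
    "version": "1.38",
    "c2": "Cluluvsu-34807.portmap.host:34807",
    "communication_password": "e10adc3949ba59abbe56e057f20f883e",
    "install_dir": "sdudir",
    "install_file": "sudir",
    "tor_process": "tor",
}

# Constructed wordlist of common passwords (illustrative, not from the report).
COMMON_PASSWORDS = ["password", "admin", "123456", "bitrat", "qwerty", "12345678"]

# Public port-forwarding / tunnelling services seen abused for C2; portmap.host is
# the one in this sample's config, the rest are assumptions for illustration.
FORWARDING_SUFFIXES = (".portmap.host", ".ngrok.io", ".duckdns.org")


@dataclass
class BitratIocs:
    c2_host: str
    c2_port: int
    password_hash: str
    password_plain: Optional[str]
    install_path: str
    tor_process: str
    notes: List[str] = field(default_factory=list)


def split_c2(c2: str) -> Tuple[str, int]:
    """Split 'host:port' into (host, int port); rejects malformed values."""
    host, sep, port = c2.rpartition(":")
    if not sep or not host or not port.isdigit():
        raise ValueError(f"unexpected c2 format: {c2!r}")
    return host, int(port)


def crack_md5(digest: str, wordlist: Iterable[str]) -> Optional[str]:
    """Return the wordlist entry whose MD5 equals digest, or None."""
    digest = digest.lower()
    if len(digest) != 32 or any(c not in "0123456789abcdef" for c in digest):
        raise ValueError("communication_password is not a hex MD5 digest")
    for candidate in wordlist:
        if hashlib.md5(candidate.encode()).hexdigest() == digest:
            return candidate
    return None


def build_iocs(cfg: dict, wordlist: Iterable[str] = COMMON_PASSWORDS) -> BitratIocs:
    host, port = split_c2(cfg["c2"])
    plain = crack_md5(cfg["communication_password"], wordlist)
    notes = []
    if host.lower().endswith(FORWARDING_SUFFIXES):
        notes.append("C2 is behind a public port-forwarding service; "
                     "the operator's real address is not in the config")
    if plain is not None:
        notes.append(f"communication_password is MD5({plain!r}), a common password")
    # Relative drop path only: the base directory is not stated in the report.
    install_path = cfg["install_dir"] + "\\" + cfg["install_file"]
    return BitratIocs(host, port, cfg["communication_password"], plain,
                      install_path, cfg["tor_process"], notes)


if __name__ == "__main__":
    iocs = build_iocs(RAW_CONFIG)
    print(f"C2: {iocs.c2_host}:{iocs.c2_port}")
    print(f"install path (relative): {iocs.install_path}")
    print(f"password: {iocs.password_plain}")
    for n in iocs.notes:
        print("note:", n)
```

The host/port split and the drop path are the pieces to push into network and endpoint detections; the cracked password is useful context for attribution and for decoding captured C2 traffic, since BitRAT keys its session on that value.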
Targets

Target: discord logger.exe (22.5MB; MD5, SHA1, SHA256, SHA512 and SSDEEP are identical to the General section above)
Signatures

- Executes dropped EXE
- Checks computer location settings: reads the country code configured in the registry, a likely geofence check.
- Loads dropped DLL
- Adds Run key to start application (persistence)
- Legitimate hosting services abused for malware hosting/C2: the extracted C2 address is on portmap.host, a public port-forwarding service.
- Looks up external IP address via web service: queries a legitimate IP lookup service to learn the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger: calls NtSetInformationThread with the ThreadHideFromDebugger information class, which stops the thread from delivering debug events to an attached debugger (an anti-debugging technique).
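The behavioural signatures above, expressed as rules over endpoint telemetry. This is an added example, not the sandbox's own detection logic: the events are constructed here in a Sysmon-like shape, the list of IP-echo services is an assumption (the report does not name the one used), and the file-drop signatures (dropped EXE/DLL) are left out because they need file-creation events this example does not model.

```python
import re
from typing import Dict, Iterable, List, Optional

# Constructed sample telemetry (not from the report). The Run key value is an
# assumed drop location built from the config's install_dir/install_file.
SAMPLE_EVENTS = [
    {"type": "registry_query",
     "path": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "registry_set",
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\sudir",
     "value": r"C:\Users\victim\AppData\Roaming\sdudir\sudir"},
    {"type": "dns_query", "query": "api.ipify.org"},
    {"type": "dns_query", "query": "Cluluvsu-34807.portmap.host"},
    {"type": "api_call", "function": "NtSetInformationThread",
     "info_class": "ThreadHideFromDebugger"},
    {"type": "dns_query", "query": "www.microsoft.com"},
]

# Run / RunOnce autostart keys under any hive.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
# Windows stores the user's configured country (GeoID) under this key.
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo\\", re.IGNORECASE)
# Illustrative public IP-echo services (assumption; the report does not name one).
IP_LOOKUP_HOSTS = {"api.ipify.org", "icanhazip.com", "ip-api.com",
                   "ifconfig.me", "ipinfo.io", "checkip.amazonaws.com"}
# Forwarding services seen abused for C2; portmap.host is the one in this sample.
ABUSED_HOSTING_SUFFIXES = (".portmap.host", ".ngrok.io", ".duckdns.org")


def match_event(ev: Dict, c2_hosts: set) -> Optional[str]:
    """Map one telemetry event to the report's signature name, or None."""
    t = ev.get("type")
    path = ev.get("path", "")
    if t == "registry_set" and RUN_KEY_RE.search(path):
        return "Adds Run key to start application"
    if t in ("registry_query", "registry_set") and GEO_KEY_RE.search(path):
        return "Checks computer location settings"
    if t == "dns_query":
        q = ev.get("query", "").lower()
        if q in IP_LOOKUP_HOSTS:
            return "Looks up external IP address via web service"
        if q in c2_hosts or q.endswith(ABUSED_HOSTING_SUFFIXES):
            return "Legitimate hosting services abused for malware hosting/C2"
    if (t == "api_call" and ev.get("function") == "NtSetInformationThread"
            and ev.get("info_class") == "ThreadHideFromDebugger"):
        return "Suspicious use of NtSetInformationThreadHideFromDebugger"
    return None


def triage(events: Iterable[Dict], c2_hosts: Iterable[str] = ()) -> List[Dict]:
    """Return a finding per event that matches a signature."""
    known_c2 = {h.lower() for h in c2_hosts}
    findings = []
    for ev in events:
        sig = match_event(ev, known_c2)
        if sig:
            findings.append({"signature": sig, "event": ev})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS, ["Cluluvsu-34807.portmap.host"]):
        print(f["signature"], "<-", f["event"])
```

The Run key and C2 hostname rules are the high-confidence ones; the geo lookup and IP-echo queries are also done by legitimate software, so on a real fleet they belong in a scoring model rather than as standalone alerts.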