0409f2d3c5cda96547ad5a2a7d361e7b318d520f11cbfef9687da5d0eade69a2 | Triage

Resubmissions

24/09/2022, 19:15

220924-xyew1adbcp 8

Sharing

Copy URL Twitter E-mail

General

Target

Discord.Bot.Client.1.0.0.exe
Size

41.0MB
Sample

220924-xyew1adbcp
MD5

535d445dc5a852df3c42f93427ed61d3
SHA1

69d3ba9008707ae9427ccc03ce75aea7e842b954
SHA256

0409f2d3c5cda96547ad5a2a7d361e7b318d520f11cbfef9687da5d0eade69a2
SHA512

71e94b725bfd1541619c90ae588e6d3ab9fbf72e308741cc6bbccdaaa467167d0369f851455d1500b3ed269353b99cae5f875999c741a500b9b3688e23afa51d
SSDEEP

786432:lz+qD8SYqht9SQSdhWjNipptCi1qoHSESsqSlkcAeWWQDRW+r2NfqI7qiV6W7:lzbY69SQSdcjNEpkoHxSSlkLecdahZlT

Score

8^/10

Malware Config

Targets

- Target
  
  Discord.Bot.Client.1.0.0.exe
- Size
  
  41.0MB
- MD5
  
  535d445dc5a852df3c42f93427ed61d3
- SHA1
  
  69d3ba9008707ae9427ccc03ce75aea7e842b954
- SHA256
  
  0409f2d3c5cda96547ad5a2a7d361e7b318d520f11cbfef9687da5d0eade69a2
- SHA512
  
  71e94b725bfd1541619c90ae588e6d3ab9fbf72e308741cc6bbccdaaa467167d0369f851455d1500b3ed269353b99cae5f875999c741a500b9b3688e23afa51d
- SSDEEP
  
  786432:lz+qD8SYqht9SQSdhWjNipptCi1qoHSESsqSlkcAeWWQDRW+r2NfqI7qiV6W7:lzbY69SQSdcjNEpkoHxSSlkLecdahZlT
Score

8^/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Web Service

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1