d7dfd3d310c5139ded39804866563572b64969bf71ae556b59edcae9680efe30

Sharing

Copy URL

Twitter E-mail

General

Target

Discord Toolz.zip
Size

8.3MB
Sample

220930-1qpm1sgacl
MD5

7915068013e17e8dfc8ef7bcffbef867
SHA1

4a34651e6ba06e7c303c5862c134e7864a64414e
SHA256

d7dfd3d310c5139ded39804866563572b64969bf71ae556b59edcae9680efe30
SHA512

99d7c18f85b24100fbcf74c87a1690be2e39758a97c21b1a9b9144e809aa4362f6cf1c820fd6d6e3dc791dfa09e03fd7b4a54c117648017dd9d531cb57aad00b
SSDEEP

196608:50aC95Q38CddgsvDeOqv5LpLeIwHJp9O924YYr4DlsMVc0cO6X95Bl:ua8Cd/Lqv5LNedJK9IpxfV/cZX9F

Score

10^/10

agilenet evasion

Malware Config

Targets

- Target
  
  Discord Toolz/Discord.exe
- Size
  
  104KB
- MD5
  
  7590651986e34b8379d95a6cbab94ccf
- SHA1
  
  f9584d626ad68a9c92afc4fd7f371f2dd8eb00e5
- SHA256
  
  5b72b2d1dbc5e69375720566c0b2e7a3134ab08fd8fd9d465b7527aa29c6f30f
- SHA512
  
  0dc46b7318c50d9b4990f3a3d9fa906d918ec1404945158535e80efbd03b2e7eb3f138526f0734cea09a5f30e51a1e009e6d0893b69be308334dbfebbf76aeca
- SSDEEP
  
  3072:eIcfsUia8dd824+xG99U1C1Zq7IoQx0fZlSi3:8fsUiaqd8RgGMy4conS
Score

8^/10

agilenet evasion
- Disables Task Manager via registry modification
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2
- Target
  
  Discord Toolz/Utils/API's/Autoctu/main.py
- Size
  
  3KB
- MD5
  
  a7d3773639fe2d128cf2d4f02777c83c
- SHA1
  
  a4541757bdb8c305e09bee667d48b81fd09a322c
- SHA256
  
  838ef3915b034b3cdf6423a67089f3eaa23e6589bc2cd7891ec041de352f3708
- SHA512
  
  0e62c2994d612d1789321560b16a32dd460281754eb21fe8b03e685dafbf4560def434a21138ae38afa880ecb3429e5c3388c22af352f88be8befa9d8480b051
Score

3^/10
behavioral3 behavioral4
- Target
  
  Discord Toolz/Utils/API's/Resources/APIFOR.DLL
- Size
  
  13KB
- MD5
  
  91b4d211faddb0ebc64fb000d75d96c1
- SHA1
  
  ba496c122f8e562ff0a4fb272a68f0b9e7bf0a3c
- SHA256
  
  e47ab6fb21bd8943f63d79387533abac0c2bd98245546df44c4f333d8013c4de
- SHA512
  
  3f16b0b4618d446d0e42ed2063c611b4ffa72a5b0ff438df5286a216167881737e65d494aa12186e511690eaca2f51c00889c9eae5ab6392c1edf885e5592919
- SSDEEP
  
  192:NVjzYtxJYPX7OdfdnHpZt8kit/2Y3ciPYEC3qHa:NVgbkXK5NHpZikit/NYE4qHa
Score

1^/10
behavioral5 behavioral6
- Target
  
  Discord Toolz/Utils/API's/Resources/Anarchy.dll
- Size
  
  698KB
- MD5
  
  6e98294b98518075b872609eb80916e7
- SHA1
  
  d03580a690174dfd8165c156e84b95e8ebb382cb
- SHA256
  
  51fd6a092762e04a76726cb55110acae2f622feab2c1a1bc159f7018fb9425d6
- SHA512
  
  85779d353f094d4d915f0d96480a38a723645b07c5501167e4c75d2902f43a678020765996cfed079436814b7d89dcd50e75aa5df8c621c36024a356fa37e10b
- SSDEEP
  
  6144:e08MwBcoH7SdWjnY+XgqUydiyBWBNTMF43m6F0ba2zg71YcDKQpskkkp7SDkXzcB:e0FWVu8Y+Xg1SObDKYvItbnZIk
Score

1^/10
behavioral7 behavioral8
- Target
  
  Discord Toolz/Utils/API's/Resources/BouncyCastle.Crypto.dll
- Size
  
  2.5MB
- MD5
  
  3551343fab213740bbb022e3a6dcf27b
- SHA1
  
  de67fb4f9d58db4a860a703c8d1f54ff00ff9b1f
- SHA256
  
  5530dff976bc0c889076b97ca695bdb97ef07f63449d32f893ed32398ed8bfe6
- SHA512
  
  e90f51053e1d4b0ea1f7458229de92174abf0781c766290da4de5cc8dfcfb730998252bf28b36ca5070978fdcea8b97f0aea6a47b875dd34173643ac0cb46c42
- SSDEEP
  
  49152:3CTzhVM0AU5d3UOhq8hmReOUJfd5T3D+VTQlgQeCKbu9kQLO0:GwU5d3vhzhmoOmfd5rqX0
Score

1^/10
behavioral9 behavioral10
- Target
  
  Discord Toolz/Utils/API's/Resources/Newtonsoft.Json.dll
- Size
  
  492KB
- MD5
  
  5e02ddaf3b02e43e532fc6a52b04d14b
- SHA1
  
  67f0bd5cfa3824860626b6b3fff37dc89e305cec
- SHA256
  
  78bedd9fce877a71a8d8ff9a813662d8248361e46705c4ef7afc61d440ff2eeb
- SHA512
  
  38720cacbb169dfc448deef86af973eafefa19eaeb48c55c58091c9d6a8b12a1f90148c287faaaa01326ec47143969ad1b54ee2b81018e1de0b83350dc418d1c
- SSDEEP
  
  12288:axrplPT3qwNBC3wl1zVh0Yg0pJy/qleTpfZLQ0so/VHjh:a1plPGwNBC3UOwVeLQ0so/VH
Score

1^/10
behavioral11 behavioral12
- Target
  
  Discord Toolz/Utils/API's/Resources/UltraEmbeddable.exe
- Size
  
  465KB
- MD5
  
  b6b77d0798d39d7fadd69784c4e47c30
- SHA1
  
  967af699bd9e0f2f20b0743323e5cdd6c3767ea2
- SHA256
  
  e5c9880090d757207a5cd373f5e1d20c42d7486c742b3a30a2ee741a7aef5ef8
- SHA512
  
  5140dcebbeb53c8e74364de824d78d6c5fddcfa08f0ac38ff0d898e71bf4f8630f3b529571a7f64be00981e83af7f85a9b6665aedfaf7f0720995fae8a8e28d6
- SSDEEP
  
  12288:MXUNgkAIMflOWTUpGY5ObqRKd6G2nHVxxd/2KO:QUNdJMNOWTUQveYd6fHnxsKO
Score

3^/10
behavioral13 behavioral14
- Target
  
  Discord Toolz/Utils/API's/bin/App.config
- Size
  
  184B
- MD5
  
  13ff21470b63470978e08e4933eb8e56
- SHA1
  
  3fa7077272c55e85141236d90d302975e3d14b2e
- SHA256
  
  16286566d54d81c3721f7ecf7f426d965de364e9be2f9e628d7363b684b6fe6a
- SHA512
  
  56d0e52874744df091ba8421eeda9c37854ece32a826bd251f74b88b6334df69736b8cd97104e6e7b2279ef01d2144fee100392744cc1afb7025ebbad5c307a8
Score

1^/10
behavioral15 behavioral16
- Target
  
  Discord Toolz/Utils/API's/bin/Binaries/RtkBtManServ.exe
- Size
  
  4.4MB
- MD5
  
  3405f654559010ca2ae38d786389f0f1
- SHA1
  
  8ac5552c64dfc3ccf0c678f6f946ee23719cf43d
- SHA256
  
  bc1364d8e68f515f9f35a6b41c11a649b1f514302eb01812c68c9a95a3198b30
- SHA512
  
  cb1e5ffed2ab86502ea4236383e9a4211a14b1abda13babbcceea67700c5746b37b4da6e45e10196eb76fa1e6959e71f19c6827466a54df1d5ba5ad2e16fc05b
- SSDEEP
  
  98304:lQf3s64R9ybzUcwti78OqJ7TPBF3ZlHHgkWJ0P39qXSaDv:ozUcwti7TQlF3ZxxWJSUnDv
Score

9^/10
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
behavioral17 behavioral18
- Target
  
  Discord Toolz/Utils/API's/bin/Program.cs
- Size
  
  6KB
- MD5
  
  fb91a042af865080b1068f1e345ca124
- SHA1
  
  40ffd430fde179a103b19ef728a33d3da88d9c6f
- SHA256
  
  e13a25cc5f69e4e9747e577f60f73f33eca48899caa85331f5c61ecbd1b61910
- SHA512
  
  c12420afc7ddbc30f62a3e295939de0744dd50a8d78da0041eaabd378af1e2152cb363329efdeca70503d416c04642eb666bc1c4b983ea57639a7ac5bf189a6a
- SSDEEP
  
  96:JoUyFXO4DV0VJ0BnRjEK+MaCH+YetqXOg6SBqxdHboQqrARSYRBIhWHz5I+I0:opNfjEK+MDH+Yesv6Sgx5oQqrVeIw+Y
Score

1^/10
behavioral19 behavioral20
- Target
  
  Discord Toolz/Utils/API's/bin/Properties/Resources.Designer.cs
- Size
  
  2KB
- MD5
  
  4b5b77878a69b99dfadac9397aa8abe6
- SHA1
  
  5ffbcc33ced8c2e4ad539970cebac4a8c0f26877
- SHA256
  
  a2c9f7982cc24f564ceb46be08dcd73985d490a249153700e0b5ecb1fa5c58c0
- SHA512
  
  70b3294ba2ea399967d818e723692787d77580fd6a4bbcd66e8e0051660ad1a2d76241a9520140f8f28fbde645ee42ea1c6e08e660ce64c3d0b6978355557d03
Score

1^/10
behavioral21 behavioral22
- Target
  
  Discord Toolz/Utils/API's/bin/Properties/Resources.resx
- Size
  
  5KB
- MD5
  
  0cd8c971317d19bbed44757809bcb92b
- SHA1
  
  47b15748ecc8e952c5935170090db7c269ce4b4f
- SHA256
  
  66b5ebd1b0fc73f041ba669ce2184f6f471d5e3524efa34ca31233e9f5395262
- SHA512
  
  883dba84bf7daae3ea49f9d54c13dda4f125da82ba63f90eeba0900602896ad9492a0adf7b69b67d838034090af20926af5c2934797afaadb38aa069786c1fc6
- SSDEEP
  
  96:fijrkiK5k5LPXbac9m5Lv6FzSvd4gIRjETUT200qSdvabvDIwQBugqvA:KjrbLPD9sLvIzSvKgIqUEa2
Score

1^/10
behavioral23 behavioral24
- Target
  
  Discord Toolz/Utils/API's/bin/TOKEN STEALER CREATOR.csproj
- Size
  
  4KB
- MD5
  
  9b49bc17c0d53f6266d029bfc2688ec7
- SHA1
  
  f9f6a4af73933e8a0f37cd47210a1c63279d330e
- SHA256
  
  198273da6848a526bd90796ef1d68256710dd1497f545b087b1687fd74eaf6ed
- SHA512
  
  5aa3409635eab67cf81885a4b7ed2a36478b6fbbaee29b2f0336d9d89afa92d0e8dfca39dd444dfe7fdf83ec5308305a37d8f22448974348a69c912084ee3664
- SSDEEP
  
  96:7YWnpu58macaxEa460E5vbaJNrNBCHMOdsHVSLYFrs:7DmAWJNHpQ
Score

3^/10
behavioral25 behavioral26
- Target
  
  Discord Toolz/Utils/API's/bin/obf/CLI.exe
- Size
  
  30KB
- MD5
  
  a6f83da2bfe041d92ff79b9c238ed72e
- SHA1
  
  ac12c6e8973f0f64d1395523fdcfcd0d73856128
- SHA256
  
  0b997165e348b17658bef1e869881c37c79c2a9bb26e132ac4141eefd5912652
- SHA512
  
  9ce5c2825848d360a07c9555bd940ceaf9c598dbf55f99fa783bbc47ca55dc375f562f29dc94e767ccd0f94120e37be90ad055ea22d353c283b0d3992df36e84
- SSDEEP
  
  384:AtQiJWE1r0K0vYzZBgB1P5AkWFq7UQweltaJVuTlVKMwW7nj8VtDVth7WAl9MWod:biJWE1QzvYz/K1yXqYQ8VuAwbfVogxq
Score

1^/10
behavioral27 behavioral28
- Target
  
  Discord Toolz/Utils/API's/bin/obf/Confuser.Core.dll
- Size
  
  186KB
- MD5
  
  6f3e120baa644b4dc085a3dd3e183bcf
- SHA1
  
  3f7dbdd082447910be5b31cc80ca5cb64f6339c7
- SHA256
  
  4742104d8e47541ed998d22321717d288cd62682b56f56f4a69dc9bd99c9a6fb
- SHA512
  
  b42cc08f9e32f0e5ac760bc0af517d2b0e7bf469421faead3d33e7e07d24d538046ea912badc196f83badb5b1dc07b4f0141b8a09723dedf7c16628075963812
- SSDEEP
  
  3072:GZ9cy/5Jxj5XhlgUmSae1DxMRqXYjKO02cDTi+P1sR+Fna1R1RjYdfc:GZ9cyhJ95XhlgUmSaevwj1pcDH/uL
Score

1^/10
behavioral29 behavioral30
- Target
  
  Discord Toolz/Utils/API's/bin/obf/Confuser.DynCipher.dll
- Size
  
  48KB
- MD5
  
  6ebc90e77623826e71ded623a296660b
- SHA1
  
  4fa7b0dc7582e03a7af6f41cba70b41f3aa5df15
- SHA256
  
  cdad0a76f0d3f3e73fcdc6e5e6d98b0e88adcc2353c54344375b80197a86fcf6
- SHA512
  
  a40dea9f56ce29c6d7c3022d6b09b164dfbc2c294b5ebf7869504cf9010d2dc844a371c6d753afe8851b1eb82e7373736bd68a1430a826ded3b74ca3628ccab2
- SSDEEP
  
  1536:yV4R9J9YnzpSx6dZV0c+NQJOwEhy8bb30aatJILhopNfmxr:yLnzpSx4ZV0c+NQJOwEhy8bb30rJuhoI
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Tasks

Sharing

General

Malware Config

Targets

Disables Task Manager via registry modification

Checks computer location settings

Loads dropped DLL

Obfuscated with Agile.Net obfuscator

Legitimate hosting services abused for malware hosting/C2

NirSoft WebBrowserPassView

Nirsoft

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32