Task scores (task, platform: score out of 10)
Overview (overview): 10
Static (static): 10
Discord To...rd.exe, windows7-x64: 7
Discord To...rd.exe, windows10-2004-x64: 8
Discord To...ain.py, windows7-x64: 3
Discord To...ain.py, windows10-2004-x64: 3
Discord To...OR.dll, windows7-x64: 1
Discord To...OR.dll, windows10-2004-x64: 1
Discord To...hy.dll, windows7-x64: 1
Discord To...hy.dll, windows10-2004-x64: 1
Discord To...to.dll, windows7-x64: 1
Discord To...to.dll, windows10-2004-x64: 1
Discord To...on.dll, windows7-x64: 1
Discord To...on.dll, windows10-2004-x64: 1
Discord To...le.exe, windows7-x64: 3
Discord To...le.exe, windows10-2004-x64: 3
Discord To...pp.xml, windows7-x64: 1
Discord To...pp.xml, windows10-2004-x64: 1
Discord To...rv.exe, windows7-x64: 9
Discord To...rv.exe, windows10-2004-x64: 9
Discord To...ram.js, windows7-x64: 1
Discord To...ram.js, windows10-2004-x64: 1
Discord To...er.vbs, windows7-x64: 1
Discord To...er.vbs, windows10-2004-x64: 1
Discord To...es.vbs, windows7-x64: 1
Discord To...es.vbs, windows10-2004-x64: 1
Discord To...csproj, windows7-x64: 3
Discord To...csproj, windows10-2004-x64: 3
Discord To...LI.exe, windows7-x64: 1
Discord To...LI.exe, windows10-2004-x64: 1
Discord To...re.dll, windows7-x64: 1
Discord To...re.dll, windows10-2004-x64: 1
Discord To...er.dll, windows7-x64: 1
Discord To...er.dll, windows10-2004-x64: 1

General
Target: Discord Toolz.zip
Size: 8.3MB
Sample: 220930-1qpm1sgacl

Static task: static1

Behavioral tasks (task | sample | resource)
behavioral1 | Discord Toolz/Discord.exe | win7-20220812-en
behavioral2 | Discord Toolz/Discord.exe | win10v2004-20220812-en
behavioral3 | Discord Toolz/Utils/API's/Autoctu/main.py | win7-20220901-en
behavioral4 | Discord Toolz/Utils/API's/Autoctu/main.py | win10v2004-20220812-en
behavioral5 | Discord Toolz/Utils/API's/Resources/APIFOR.dll | win7-20220812-en
behavioral6 | Discord Toolz/Utils/API's/Resources/APIFOR.dll | win10v2004-20220901-en
behavioral7 | Discord Toolz/Utils/API's/Resources/Anarchy.dll | win7-20220812-en
behavioral8 | Discord Toolz/Utils/API's/Resources/Anarchy.dll | win10v2004-20220812-en
behavioral9 | Discord Toolz/Utils/API's/Resources/BouncyCastle.Crypto.dll | win7-20220812-en
behavioral10 | Discord Toolz/Utils/API's/Resources/BouncyCastle.Crypto.dll | win10v2004-20220901-en
behavioral11 | Discord Toolz/Utils/API's/Resources/Newtonsoft.Json.dll | win7-20220812-en
behavioral12 | Discord Toolz/Utils/API's/Resources/Newtonsoft.Json.dll | win10v2004-20220812-en
behavioral13 | Discord Toolz/Utils/API's/Resources/UltraEmbeddable.exe | win7-20220901-en
behavioral14 | Discord Toolz/Utils/API's/Resources/UltraEmbeddable.exe | win10v2004-20220812-en
behavioral15 | Discord Toolz/Utils/API's/bin/App.xml | win7-20220812-en
behavioral16 | Discord Toolz/Utils/API's/bin/App.xml | win10v2004-20220812-en
behavioral17 | Discord Toolz/Utils/API's/bin/Binaries/RtkBtManServ.exe | win7-20220901-en
behavioral18 | Discord Toolz/Utils/API's/bin/Binaries/RtkBtManServ.exe | win10v2004-20220812-en
behavioral19 | Discord Toolz/Utils/API's/bin/Program.js | win7-20220812-en
behavioral20 | Discord Toolz/Utils/API's/bin/Program.js | win10v2004-20220812-en
behavioral21 | Discord Toolz/Utils/API's/bin/Properties/Resources.Designer.vbs | win7-20220901-en
behavioral22 | Discord Toolz/Utils/API's/bin/Properties/Resources.Designer.vbs | win10v2004-20220812-en
behavioral23 | Discord Toolz/Utils/API's/bin/Properties/Resources.vbs | win7-20220812-en
behavioral24 | Discord Toolz/Utils/API's/bin/Properties/Resources.vbs | win10v2004-20220901-en
behavioral25 | Discord Toolz/Utils/API's/bin/TOKEN STEALER CREATOR.csproj | win7-20220812-en
behavioral26 | Discord Toolz/Utils/API's/bin/TOKEN STEALER CREATOR.csproj | win10v2004-20220812-en
behavioral27 | Discord Toolz/Utils/API's/bin/obf/CLI.exe | win7-20220812-en
behavioral28 | Discord Toolz/Utils/API's/bin/obf/CLI.exe | win10v2004-20220901-en
behavioral29 | Discord Toolz/Utils/API's/bin/obf/Confuser.Core.dll | win7-20220812-en
behavioral30 | Discord Toolz/Utils/API's/bin/obf/Confuser.Core.dll | win10v2004-20220812-en
behavioral31 | Discord Toolz/Utils/API's/bin/obf/Confuser.DynCipher.dll | win7-20220812-en
behavioral32 | Discord Toolz/Utils/API's/bin/obf/Confuser.DynCipher.dll | win10v2004-20220812-en

Malware Config
Targets

Target: Discord Toolz/Discord.exe
Size: 104KB
Disables Task Manager via registry modification
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Obfuscated with Agile.Net obfuscator: Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Legitimate hosting services abused for malware hosting/C2

Target: Discord Toolz/Utils/API's/Autoctu/main.py
Size: 3KB
Score: 3/10

Target: Discord Toolz/Utils/API's/Resources/APIFOR.DLL
Size: 13KB
Score: 1/10

Target: Discord Toolz/Utils/API's/Resources/Anarchy.dll
Size: 698KB
Score: 1/10

Target: Discord Toolz/Utils/API's/Resources/BouncyCastle.Crypto.dll
Size: 2.5MB
Score: 1/10

Target: Discord Toolz/Utils/API's/Resources/Newtonsoft.Json.dll
Size: 492KB
Score: 1/10

Target: Discord Toolz/Utils/API's/Resources/UltraEmbeddable.exe
Size: 465KB
Score: 3/10

Target: Discord Toolz/Utils/API's/bin/App.config
Size: 184B
Score: 1/10

Target: Discord Toolz/Utils/API's/bin/Binaries/RtkBtManServ.exe
Size: 4.4MB
Score: 9/10
NirSoft WebBrowserPassView: Password recovery tool for various web browsers
Nirsoft

Target: Discord Toolz/Utils/API's/bin/Program.cs
Size: 6KB
Score: 1/10

Target: Discord Toolz/Utils/API's/bin/Properties/Resources.Designer.cs
Size: 2KB
Score: 1/10

Target: Discord Toolz/Utils/API's/bin/Properties/Resources.resx
Size: 5KB
Score: 1/10

Target: Discord Toolz/Utils/API's/bin/TOKEN STEALER CREATOR.csproj
Size: 4KB
Score: 3/10

Target: Discord Toolz/Utils/API's/bin/obf/CLI.exe
Size: 30KB
Score: 1/10

Target: Discord Toolz/Utils/API's/bin/obf/Confuser.Core.dll
Size: 186KB
Score: 1/10

Target: Discord Toolz/Utils/API's/bin/obf/Confuser.DynCipher.dll
Size: 48KB
Score: 1/10