General
Target: https://github.com/RydeinGG/Discord-Image-Token-Password-Grabber-Exploit-Cve-2022/tree/main/Discord%20Image%20Token%20Password%20Grabber%20Exploit%20Cve%202022
Sample: 221104-zrwbhschaq
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://github.com/RydeinGG/Discord-Image-Token-Password-Grabber-Exploit-Cve-2022/tree/main/Discord%20Image%20Token%20Password%20Grabber%20Exploit%20Cve%202022
Resource: win10-20220901-en
Malware Config

Extracted
Family: asyncrat
Version: 1.0.7
Botnet: WindowsDefenderSmarttScreen
C2: 217.64.31.3:9742
Mutex: WindowsDefenderSmarttScreen
Attributes:
- delay: 1
- install: false
- install_file: WindowsDefenderSmarttScreen.exe
- install_folder: %AppData%

Extracted
Family: asyncrat
Version: 0.5.7B
Botnet: System Guard Runtime
C2: 85.105.88.221:2531
Mutex: System Guard Runtime
Attributes:
- delay: 3
- install: false
- install_file: System Guard Runtime
- install_folder: %AppData%

Extracted
Family: asyncrat
Version: 0.5.7B
Botnet: SecurityHealthServic
C2: 20.8.122.174:31682
Mutex: SecurityHealthServic
Attributes:
- delay: 3
- install: false
- install_file: SecurityHealthService
- install_folder: %AppData%

Extracted
Family: asyncrat
Version: 0.5.7B
Botnet: DefenderSmartScren
C2: 217.64.31.3:8437
Mutex: DefenderSmartScren
Attributes:
- delay: 3
- install: false
- install_file: SecurityHealtheurvice.exe
- install_folder: %AppData%
Targets

Target: https://github.com/RydeinGG/Discord-Image-Token-Password-Grabber-Exploit-Cve-2022/tree/main/Discord%20Image%20Token%20Password%20Grabber%20Exploit%20Cve%202022
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Async RAT payload
- Downloads MZ/PE file
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext