cd9bbc61e70de80264b508d8b3c2a4e42ee852398da6768b3f73e3ce581a3228 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Discord nitro generator.exe
Size

34.0MB
Sample

230202-b8d7kaeb88
MD5

b9333978f0a35d14b4bd146da66afc58
SHA1

bd76cf9c594145bdce269073e32b33a20854110f
SHA256

cd9bbc61e70de80264b508d8b3c2a4e42ee852398da6768b3f73e3ce581a3228
SHA512

c16ff35662f208d3d8e9e4f543273491474e3e760aa53100ca875742b49c9f7c1058a302a4c9da0cca77656426cb203acca6ef653472767d3b48eaf402e42879
SSDEEP

786432:1zx3Fmzux4vdQuvUUJad7cw0XDJ+OmqfaBQKoL77MJuxv4rzL19s35ocW/pU:jp4v/UnUd+9qCA3MAxvmsJ3W/y

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  Discord nitro generator.exe
- Size
  
  34.0MB
- MD5
  
  b9333978f0a35d14b4bd146da66afc58
- SHA1
  
  bd76cf9c594145bdce269073e32b33a20854110f
- SHA256
  
  cd9bbc61e70de80264b508d8b3c2a4e42ee852398da6768b3f73e3ce581a3228
- SHA512
  
  c16ff35662f208d3d8e9e4f543273491474e3e760aa53100ca875742b49c9f7c1058a302a4c9da0cca77656426cb203acca6ef653472767d3b48eaf402e42879
- SSDEEP
  
  786432:1zx3Fmzux4vdQuvUUJad7cw0XDJ+OmqfaBQKoL77MJuxv4rzL19s35ocW/pU:jp4v/UnUd+9qCA3MAxvmsJ3W/y
Score

7^/10

spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2