2c8c3f71a3a477e39e30ac33ba5deb3a37c862f741f4357b2a31384f4ec383d1 | Triage

Sharing

General

Target

Discord.exe
Size

18.8MB
Sample

230205-c4brbabc3v
MD5

6e1c740de994ac538bb8066e513f2b56
SHA1

8bb035046eac76a7c43cd252b47805b0b1d6a692
SHA256

2c8c3f71a3a477e39e30ac33ba5deb3a37c862f741f4357b2a31384f4ec383d1
SHA512

41306df12587b22b0dc22599205fe36eb202ca3f085d6418574ab00d073f1f75996370691f728a9efcdc3dfe591c527f95757ce15064ce556d64ed27665246c1
SSDEEP

393216:Uyu7L/quznSyY+k4tO2dQuslN/m3pDl9AJ4ZoWOv+9fPV4aNKmKLMjK7i:UyCLSOY4tndQu4KRS4ZorvS3nKmoMjKu

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  Discord.exe
- Size
  
  18.8MB
- MD5
  
  6e1c740de994ac538bb8066e513f2b56
- SHA1
  
  8bb035046eac76a7c43cd252b47805b0b1d6a692
- SHA256
  
  2c8c3f71a3a477e39e30ac33ba5deb3a37c862f741f4357b2a31384f4ec383d1
- SHA512
  
  41306df12587b22b0dc22599205fe36eb202ca3f085d6418574ab00d073f1f75996370691f728a9efcdc3dfe591c527f95757ce15064ce556d64ed27665246c1
- SSDEEP
  
  393216:Uyu7L/quznSyY+k4tO2dQuslN/m3pDl9AJ4ZoWOv+9fPV4aNKmKLMjK7i:UyCLSOY4tndQu4KRS4ZorvS3nKmoMjKu
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2