68eeefd2b6980e569d198701c952a8bc7b7643809fa9c6216d2285a34d119719 | Triage

Sharing

General

Target

Discord.Bot.Client.Setup.3.1.0.exe
Size

92.5MB
Sample

230311-mk56xsbb3v
MD5

d81f9496d4d6913bc112c12ef30d303a
SHA1

7483e1df9944ee74fc53fe24950fee70f3761dcf
SHA256

68eeefd2b6980e569d198701c952a8bc7b7643809fa9c6216d2285a34d119719
SHA512

521561f4d220d0eac47b2038ceb3d06b6a902b5942f9758fb85dde35f004556391593e0de0d6fb8b51fc6cb7283924a2c1c3adb6e4a1b7d37b7d2ffc9c02a5fd
SSDEEP

1572864:9QjBsKN5d/NKnd7PdYo98s4IF4BCe2pg2zOD6DE8rMyY4xMjBsKN5d/NKDPqsHu9:9QjBZT1NKnd7PdYo9taBwy6D9MR/jBZL

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  Discord.Bot.Client.Setup.3.1.0.exe
- Size
  
  92.5MB
- MD5
  
  d81f9496d4d6913bc112c12ef30d303a
- SHA1
  
  7483e1df9944ee74fc53fe24950fee70f3761dcf
- SHA256
  
  68eeefd2b6980e569d198701c952a8bc7b7643809fa9c6216d2285a34d119719
- SHA512
  
  521561f4d220d0eac47b2038ceb3d06b6a902b5942f9758fb85dde35f004556391593e0de0d6fb8b51fc6cb7283924a2c1c3adb6e4a1b7d37b7d2ffc9c02a5fd
- SSDEEP
  
  1572864:9QjBsKN5d/NKnd7PdYo98s4IF4BCe2pg2zOD6DE8rMyY4xMjBsKN5d/NKDPqsHu9:9QjBZT1NKnd7PdYo9taBwy6D9MR/jBZL
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Web Service

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2