c3d408ccb170219bf52f1dedbc24f02595110b28bbc34adcba6c39ec3a027e00 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Discord Account Creator.exe
Size

16.0MB
Sample

230512-xbjxfaeb65
MD5

3c4579c082cbc74efae98871d20cc5a0
SHA1

1f7974c030d666cf61a912193852fce3ebf58dc5
SHA256

c3d408ccb170219bf52f1dedbc24f02595110b28bbc34adcba6c39ec3a027e00
SHA512

87b95959c0b859ab8624bfd7fd940cb7ab0f20bc47e102b32a51ca247014cb7369a8897f327f7ba4c6b2a8dee691833eb9dca2242a967277d2c291d1f0a3f046
SSDEEP

393216:2hbGgP1KwCteW6EW3imtykJQlpYKoV3UWTj4iD8h:2hbn1Ate3rEU0ToV3nj

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  Discord Account Creator.exe
- Size
  
  16.0MB
- MD5
  
  3c4579c082cbc74efae98871d20cc5a0
- SHA1
  
  1f7974c030d666cf61a912193852fce3ebf58dc5
- SHA256
  
  c3d408ccb170219bf52f1dedbc24f02595110b28bbc34adcba6c39ec3a027e00
- SHA512
  
  87b95959c0b859ab8624bfd7fd940cb7ab0f20bc47e102b32a51ca247014cb7369a8897f327f7ba4c6b2a8dee691833eb9dca2242a967277d2c291d1f0a3f046
- SSDEEP
  
  393216:2hbGgP1KwCteW6EW3imtykJQlpYKoV3UWTj4iD8h:2hbn1Ate3rEU0ToV3nj
Score

7^/10

spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2