ab60e97887d847df3174281b4b231e0c6b891e7ac0c4eed2c305b45398530bff | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Discord Nitro Generator.exe
Size

19.2MB
Sample

230718-stchvscd5x
MD5

fd56abce78f5b7af0923901a0c6389dd
SHA1

30d5d2f6e3ba6af12654de98bac571d2c3e0de4f
SHA256

ab60e97887d847df3174281b4b231e0c6b891e7ac0c4eed2c305b45398530bff
SHA512

afa267883649c494e267d14b22346a898f0497de192163bd2c264e719da570157c24b99386d7216e991a690ffd98f78479854051adf505f04bc0dd2c3de2f1a3
SSDEEP

393216:gIoVRjW9dM/ISWdQ2lN/m3pJ+9J8ecH4+Z4Jt8hXeSs:gIoHjWT6ISWdQGKA9J8ecYwP

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  Discord Nitro Generator.exe
- Size
  
  19.2MB
- MD5
  
  fd56abce78f5b7af0923901a0c6389dd
- SHA1
  
  30d5d2f6e3ba6af12654de98bac571d2c3e0de4f
- SHA256
  
  ab60e97887d847df3174281b4b231e0c6b891e7ac0c4eed2c305b45398530bff
- SHA512
  
  afa267883649c494e267d14b22346a898f0497de192163bd2c264e719da570157c24b99386d7216e991a690ffd98f78479854051adf505f04bc0dd2c3de2f1a3
- SSDEEP
  
  393216:gIoVRjW9dM/ISWdQ2lN/m3pJ+9J8ecH4+Z4Jt8hXeSs:gIoHjWT6ISWdQGKA9J8ecYwP
Score

7^/10

spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2