Overview

overview

10

Static

static

10

DiscordNitroGen.exe

windows7-x64

10

DiscordNitroGen.exe

windows10-2004-x64

10

Resubmissions

02/10/2023, 11:43

231002-nvrlyshf6t 10

23/05/2023, 19:13

230523-xw29hsgh32 7

Analysis

  • max time kernel
    143s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/10/2023, 11:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    DiscordNitroGen.exe

  • Size

    5.0MB

  • MD5

    ac03bc15840de0735bc509df2605315d

  • SHA1

    c83e86956dfe720289e05b765b16d6c4bed1b380

  • SHA256

    5f7ef589be80bc41e17b2bc2bb9dcfb9f457815298228b313b4186d983a9b206

  • SHA512

    8221ddc84711e6fd3f8a6b25178b7222fa60aded1b2f82c0da307bd4160ddbab90f41b85deba7a772df380837c129bb45a059f2aca7ce335094001f68471aef0

  • SSDEEP

    3072:tk9F8AiUC7llUdOKViKa6pOWbhpAKyKIVUjtub/cOZzo0xBe0DE:tk9ovTKDhpAKwmEbFZUWD

Score
10/10
growtopiapersistencespywarestealer

Malware Config

Extracted

Family

growtopia

Attributes
  • payload_url

    https://cdn.discordapp.com/attachments/741651301993152592/741658256740712458/WebBrowserPassView.exe

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\DiscordNitroGen.exe
    "C:\Users\Admin\AppData\Local\Temp\DiscordNitroGen.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of AdjustPrivilegeToken
    PID:2260

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2260-0-0x0000000000AC0000-0x0000000000AF6000-memory.dmp

    Filesize

    216KB

    Download

  • memory/2260-1-0x00007FFD21250000-0x00007FFD21D11000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/2260-2-0x000000001B760000-0x000000001B770000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2260-4-0x0000000002BD0000-0x0000000002BE6000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2260-5-0x0000000002BF0000-0x0000000002BFC000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2260-6-0x00007FFD21250000-0x00007FFD21D11000-memory.dmp

    Filesize

    10.8MB

    Download