General
-
Target
ByGay.exe
-
Size
20.8MB
-
Sample
231120-3d1kvsbe2v
-
MD5
6f54b4191ac9d44e27ab567bf26e4768
-
SHA1
244de438e62d815483561b99550a8b02a2a7625c
-
SHA256
da2ecdafa3fbcc59f30fed701e9c3529432bcc479fc18ffe575310601d8e4576
-
SHA512
284b786e1772db32718b11d0cf2cc65e51259648c16f130ac31b353e3b421e762e2ee5869540d161bd8d7535e06da9bc984cdf3bf6982c15d9a4dab3b5491081
-
SSDEEP
393216:PUdMOZ0JTQDXYCxnOshouIkPUktRL5okJb8LgSUu16RCOdi99AC:PUdMOZ0JTQ7YCxOwouYktRLSaLSqIrj
Behavioral task
behavioral1
Sample
discord_token_grabber.pyc
Resource
win10v2004-20231023-en
Malware Config
Targets
-
-
Target
discord_token_grabber.pyc
-
Size
17KB
-
MD5
e523026b612006e580e96bd9e2a8882c
-
SHA1
03b9938701f7eff11a0c3632ed805e8188598c88
-
SHA256
8ae6baddc552f9a47c488760a3d3b04f217f7c999dbffc1a548bb09532e6bf77
-
SHA512
a0f15f5edecbab4894aa3b85092fc2bde34b76f6048b198ce387d59a56d6c74969201cc43d19cd27a9ff0a6ab72268884a90ef206f0be34a5707a7f6ea24a853
-
SSDEEP
384:cGllyAavwS9F0RW807PPQviowoYbCj+Mo8WWIc02a8:cIlytvX9iRW8inQ6owoYOyM0d2a8
Score8/10-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Registers COM server for autorun
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2
-