35e2c4a8396407c30362787899259d80b7f1b554023be29efb34ae264c32ddc3

Resubmissions

03/02/2024, 09:57

240203-lyzqmaefd3 8

03/02/2024, 09:53

240203-lw3dqshaek 8

03/02/2024, 09:53

240203-lwp4eahadn 3

Sharing

Copy URL Twitter E-mail

General

Target

discord-server-copy-main.zip
Size

14KB
Sample

240203-lyzqmaefd3
MD5

deee1a2ff48f9e7d00d86a5e90ade44f
SHA1

6109d51f57e951cea87dcf48fad1e0ed3816b74c
SHA256

35e2c4a8396407c30362787899259d80b7f1b554023be29efb34ae264c32ddc3
SHA512

6ffb76b5f0d280822216209408c697a75ddfc6126834a33e737639ea74244a6756e33bafe3b9d18a4f063a5d6f22a48f6aaa1d5da7a2105c574fc1e46c3cda58
SSDEEP

192:eBwlJHXkmF0ahvd775M+KC+MVA39TLLkssuNKFkLTwVJhZkQ1BjzmB1jUqz:eBwlBJphvxN6CtET0s9KFGTskoMBUC

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  discord-server-copy-main/main.py
- Size
  
  8KB
- MD5
  
  dd1263085a06274b578b220606535a6f
- SHA1
  
  df6f250e73b89408210e4785f52c1afa4eee3a63
- SHA256
  
  fb296b65a38ba6500cd394298035de5246658d9811c605b2d2b02b9f1ae11b2a
- SHA512
  
  fc8bc2530529c298f02e87561bb6ef966d7860ecb8246ff79463f861591b820bbde13895124817abf9c45ff1ce657982dba16da10ac865201fc647e6c7da01b0
- SSDEEP
  
  192:fCQnzMN3fIZIcAI7u4VfCX6j4MDHc/cgab7+bjgeDkYWCA2EatstSYQfaqjlpk:ffnQNg46fCq4oHm07e8CA2PtstSYQfaj
Score

3^/10
behavioral1 behavioral2
- Target
  
  discord-server-copy-main/modules/cloner.py
- Size
  
  21KB
- MD5
  
  7609ea2bbd62c75a04ed5e1f46230d49
- SHA1
  
  e67788d9d4291e023be964234499e9912735a164
- SHA256
  
  e3f4ef3abdd7320a14faad4303a05cfe40c555424f35f2cab953270004461e57
- SHA512
  
  9340ccf043aecbab7c0a061056ce77c260e77d7b7cf92094c0929924a3e79602f1534183be75da2abb549e8bf3962fdcfd84edc15bc6e9912573df59ff3a46f9
- SSDEEP
  
  192:0rH3Z8GWH5SNPxXfJAzIIBWBEsaO5d7nYVNYtLHgeJxV7Y55VpkvlSClSvoHzVzA:wJ8tZSVAsNBEI5dTXAewsvM
Score

3^/10
behavioral3 behavioral4
- Target
  
  discord-server-copy-main/modules/configuration.py
- Size
  
  1KB
- MD5
  
  0c0c4c78f21494f5ace69cd106c1d859
- SHA1
  
  52dc57c99221ee4d33ff4d1cc394b4f9bffa476c
- SHA256
  
  9ba85d8c1935713d9510fe0d7e99758a211f20021b1c71c9045995c218f26630
- SHA512
  
  791ec2e7293748319956139d3d5134cbffe82dc24803dc313e13fa2cf1bd1eefd06dbc182b47e5be6b05ae303c1a2cd3aa93138f9e33175947f07c9df3a9bd54
Score

3^/10
behavioral5 behavioral6
- Target
  
  discord-server-copy-main/modules/logger.py
- Size
  
  2KB
- MD5
  
  ab462239f2c0456d99a5c4c0f3648b0d
- SHA1
  
  c57af62f5dceb2a685aab0952c3200cbc49cf34e
- SHA256
  
  9fa088e6110ed5444ac464e01286e5929abdf7cd16ea4c0125a6118cc7b55492
- SHA512
  
  c0dac18ba13294d5fc1a19618008deb66ec2a4364a631bd68ed3e29f75e59399dde260f78c51a2ae8499b2c7fdd380b065e029954f667329f732a4f2d26220b4
Score

3^/10
behavioral7 behavioral8
- Target
  
  discord-server-copy-main/modules/updater.py
- Size
  
  725B
- MD5
  
  929a2a6fc9de3aaa246eac8a1474ffa4
- SHA1
  
  95e3ce8891a98a525d0af656f29e16ba55e57568
- SHA256
  
  f4452bafbfac00faaa87b798e5faeffbb6ef4ec4e3caf70a01b8d610c831ec31
- SHA512
  
  75567d7752440a8657dafb97fe1377f3612bfc2491dc8fa9c81afa70b87b400ffa3320c6198aac6c55966a2ce6a5a3b6bb7aba573a94c9ba9b74e0d8cde52d1b
Score

3^/10
behavioral10 behavioral9
- Target
  
  discord-server-copy-main/start.bat
- Size
  
  141B
- MD5
  
  b4170e7560bdcc87af294008c1c742aa
- SHA1
  
  013ec4e3cf858c0fed0db7f6d07405a798d8ba2a
- SHA256
  
  0ceb8caf193e0131f713d237c61e3dd996b6bff9afa2f07a63d61e03ffc63ab6
- SHA512
  
  722e5b877285373270a02bc59070f1e797ec44367b42afa3b190104722c23e9af43a9c27329c32eb6b8c1c72cf0f07baf4536f43dbb47b42bce80b97b1a378a8
Score

8^/10

discovery persistence
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Adds Run key to start application
  persistence
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral11 behavioral12

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Registers COM server for autorun

Adds Run key to start application

Blocklisted process makes network request

Checks installed software on the system

Enumerates connected drives

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12