General

  • Target

    discord_tool.exe

  • Size

    18.5MB

  • Sample

    240227-zpa8kabd7y

  • MD5

    df1a3b9181c940d2aeeedc43997a4d43

  • SHA1

    58ed3c402f0cf48a52de6aee4607da749d0983c8

  • SHA256

    de52a09d9ec109090b32af3ff15618e6fa80a2413019c82fe9200968c8d3dd3c

  • SHA512

    883e833ec2c39a9ca2881345bbf6823e3fff8fc6167937c1f16ce59deb2b288d90df3c6f7bf58dce64c398ebfd37275712a665be1cec8451d3cce1b60d9cd224

  • SSDEEP

    393216:HqPnLFXlrHQ8DOETgs77fGF+gYMvE+58akkfXq:KPLFXNHQhE7h7l+fLi

Malware Config

Targets

    • Target

      discord_tool.exe

    • Size

      18.5MB

    • MD5

      df1a3b9181c940d2aeeedc43997a4d43

    • SHA1

      58ed3c402f0cf48a52de6aee4607da749d0983c8

    • SHA256

      de52a09d9ec109090b32af3ff15618e6fa80a2413019c82fe9200968c8d3dd3c

    • SHA512

      883e833ec2c39a9ca2881345bbf6823e3fff8fc6167937c1f16ce59deb2b288d90df3c6f7bf58dce64c398ebfd37275712a665be1cec8451d3cce1b60d9cd224

    • SSDEEP

      393216:HqPnLFXlrHQ8DOETgs77fGF+gYMvE+58akkfXq:KPLFXNHQhE7h7l+fLi

    Score
    7/10
    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      main.pyc

    • Size

      7KB

    • MD5

      b56af112abd2896c9f4e9002f0177a45

    • SHA1

      b1b9776e1ab58bab5585004467495902079bfed5

    • SHA256

      45eed04e3e91d024054ab356efe5e1024dae9adfd22b87d36b5b4379183e0a6a

    • SHA512

      0f94f2205ad53bd9d90f5ec2df42ccdb6c6ca626ced86612c666915a624617e47a0dd40148d07c1f38fc27634bd9e1a09ff351c2f15fa829b879db5fc0300fbc

    • SSDEEP

      192:wuwVLsD8gZeIWdXwklzTmS8JhwbgV+Mdwe2Dnw:CetWukjQ2bS+Pe2Dw

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks