General

  • Target: Discord-Account-Gen-main.zip

  • Size: 6KB

  • Sample: 240403-n2t1nadc33

  • MD5: 2fd75eb56ddf5e18007d600260bc29e6

  • SHA1: 57b827cf55444d9e8f6fc5f12660d11ecc0a37d9

  • SHA256: a3fb04421d448c512bc72013b859906d405db4e8ff8bc399b268de8213d11a59

  • SHA512: 8f20e92ef0a42e790f5c0be3bcd7b612a608ceed9775b81a8f197cf24fa88cb9fc7f84b4d93a6a25d39259130c72bde41a2cb86c3c571cc00902159e870dfc82

  • SSDEEP: 192:kyVLPbvU+I2it9fnlDgdKtmk11xw9qrz4tTUzSgn9yaLhUhIu:kYDbvLnit9flDgWmk1zwsf4t4znn9PlC

Malware Config

Targets

    • Target: Discord-Account-Gen-main/main.py

    • Size: 7KB

    • MD5: 826b948b1422409e2ef8cc6a0289d57a

    • SHA1: abe2ece09a7997927d32efe5f73146e35b93fe0b

    • SHA256: af85d4a3df676727ae5da35b23477dfda685bf56252ca977610a15395d786b2e

    • SHA512: 77bc9b2c662dc6f6c0e32a5f8a59285da7c69551c43ebf5f2695291fff047662a5b8289ddee7f78fff416f2d31bda05af1ad7a49a095c587e53de51a6246a1e1

    • SSDEEP: 192:a8zBLz7SJo9cJ+rYuHbQ+hSwLo6QlQjq96MU8WLCtORFPGWF+8/D0q:a8zB37SO9cKbHbQ+hSwLylQjq9618OHP

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Registers COM server for autorun

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks