General
Target
https://cdn.discordapp.com/attachments/1229097803268227114/1229105302264217681/free_robux.exe?ex=662e7883&is=661c0383&hm=e22f9ad8f9b39c1d906eebb9108b395a29786544df365f91714a0fe93dff0c1b&
Sample
240414-vceb8sab34
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://cdn.discordapp.com/attachments/1229097803268227114/1229105302264217681/free_robux.exe?ex=662e7883&is=661c0383&hm=e22f9ad8f9b39c1d906eebb9108b395a29786544df365f91714a0fe93dff0c1b&
Resource
win10v2004-20240226-en
Malware Config
Extracted
discordrat
discord_token
MTA2ODI0MTMyMDk4MTgyNzU5NA.GDi6tE.t2T-c9UBEtvdju9XJt2A5HWfqJ2wasQ2apTfdg
server_id
1068241914974974063
Targets
Target
https://cdn.discordapp.com/attachments/1229097803268227114/1229105302264217681/free_robux.exe?ex=662e7883&is=661c0383&hm=e22f9ad8f9b39c1d906eebb9108b395a29786544df365f91714a0fe93dff0c1b&
Score
10/10
Blocklisted process makes network request
Downloads MZ/PE file
Drops startup file
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2