General
-
Target
exploitshit.zip
-
Size
569KB
-
Sample
240414-x3kcaabd84
-
MD5
f0373216bec8ab2c5800dfdbb580410c
-
SHA1
5cb7c237662dff147fbf73734291ca341e8c0b38
-
SHA256
bc797ac3593f379378d338d437f476a942fc1e3c1b8684e50cb9174fc24f58b9
-
SHA512
91984dc0219ba88223e60339909c6a2fe7f9b01e522fbe98f1d09c6ac67f874da7772188a4b8355596bd27941ec17b5c7e34e0979ad62ac494ed505fdefba740
-
SSDEEP
12288:LroKQGq3VflVQudezPCaRARfCIG8bzudhBV2rBrRqKrTUCbMIGu8k:Lrdq3VfliudMlRdgSHSBNN47ju8k
Static task
static1
Behavioral task
behavioral1
Sample
exploit.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral2
Sample
vscode.bat
Resource
win10v2004-20240412-en
Malware Config
Extracted
discordrat
-
discord_token
MTIyMjg4ODc4NjY4MjQ1MDAwMA.GrWWth.lufsbZUbCt6RpsyO9yf6mU1zPT_mACVqxKnhtg
-
server_id
1229118384591994951
Targets
-
-
Target
exploit.exe
-
Size
452KB
-
MD5
68bc76c2ed77201f7d2860496c9f59ad
-
SHA1
8192f2529a0b43d84e8ce9a4a579baa2db0a9590
-
SHA256
b08f9e7c8ce2f261154a026845b85fe29f6ba5ad2563ef289e6e3bb6aba8cb9a
-
SHA512
b25f85766478c8b6595aa0badccca7b5741cef06cd7cfe8bee041d7d1727d0ba5308cc60be6d3cfa9390c1cd15cf2ebe86e82eb7e421abd775e7c62610517719
-
SSDEEP
12288:U0kqjVnl36ud0zR/6CtQ9PUHIG8DhMuD7R:HkqjVnlqud+/2P+AOE7R
Score 1/10
-
Target
vscode.bat
-
Size
274KB
-
MD5
0d8058c9dafb33c14781290f74cff9f5
-
SHA1
505b9ec433f9c26319ad3b06eaed2f9579fb3d1d
-
SHA256
1e938491719616ade4bd63d17be73b26d6856fdca3c1255e99ab004ace719d4b
-
SHA512
886bae7d223072ee04852d9abce1aa05801ad50e6681cb4ed9a784d952e353fdf639713b706af8e1b7019422b32573ba75441e5cb60e5abdff908ad65f090b0b
-
SSDEEP
6144:aaH4va70scVkDAa5t8PL1ZHGoJtaCnK2RU+Xe/L:atR9VKAa5t8PBVdvXTXe/L
Score 10/10
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-