General
-
Target
sgpj.exe
-
Size
563KB
-
Sample
240416-y6bd8adc6z
-
MD5
0bbc0a7dc1a58f8a33fbd893ec737bc2
-
SHA1
6cc449fffcf0111d62ff0475afb30eef7d774089
-
SHA256
9f7154d3786a9f445d249454777da82ebca55681b0fdbe54f1695ce31a30543f
-
SHA512
d6a4cb34a70180951925d5414c1a563a37a5a6d5c92b6fc8c741711637ebd1af60a0e375e00334599f322226a084641f099042b524f7152c720f8a2e7ee14445
-
SSDEEP
12288:oCQjgAtAHM+vetZxF5EWry8AJGy0yfnSWv46NuV9TXH2505/N:o5ZWs+OZVEWry8AFBTjNufH2kV
Static task
static1
Behavioral task
behavioral1
Sample
sgpj.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
sgpj.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
discordrat
-
discord_token
MTIyOTg4MjMyNDM2ODM2MzcwMA.GrfReS.9yWuSoWr3uhKK0b6qurk33JdihJVamaZgss9Yg
-
server_id
1229880755757514752
Targets
-
-
Target
sgpj.exe
-
Size
563KB
-
MD5
0bbc0a7dc1a58f8a33fbd893ec737bc2
-
SHA1
6cc449fffcf0111d62ff0475afb30eef7d774089
-
SHA256
9f7154d3786a9f445d249454777da82ebca55681b0fdbe54f1695ce31a30543f
-
SHA512
d6a4cb34a70180951925d5414c1a563a37a5a6d5c92b6fc8c741711637ebd1af60a0e375e00334599f322226a084641f099042b524f7152c720f8a2e7ee14445
-
SSDEEP
12288:oCQjgAtAHM+vetZxF5EWry8AJGy0yfnSWv46NuV9TXH2505/N:o5ZWs+OZVEWry8AFBTjNufH2kV
Score10/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-