General

  • Target

    LimitedCheatsFiveM.zip

  • Size

    17.8MB

  • Sample

    240422-3ss5bshh5z

  • MD5

    25888708e5fa13d5e56bd37e08ed90ae

  • SHA1

    8426b492d0df45f69cf9ee71463699971099c58a

  • SHA256

    1511db3cd12e77c5f8b2139f136e5c664e935f52538fc56ac878b4ba433be6e3

  • SHA512

    db56681cab80f4d92dd42a47e8ee07896b3f311fa7ce2c1c30c230a402b640f6ea8888894ed5c0b5241b3e9c8fe0a9190561d0e1d7a1d64ae74f356cd6ad06b3

  • SSDEEP

    393216:vqPnLFXlr7gQpDOETgsvfG9dg+3svEZPD5LUM:CPLFXNEQoEe51Jd9

Malware Config

Extracted

Family

discordrat

Attributes

  • discord_token

    MTIxMzIxNTQ2OTUxNTg0MTU4Nw.Gzn2dv.TGdD10yUa7ZZs7OvhvQ65BdJ9OfF6HFElNkqdA

  • server_id

    1213214802600525834

Targets

    • Target

      LimitedCheatsFiveM/FivemMenu.exe

    • Size

      78KB

    • MD5

      0f6e652458a3a3374d8fd603163d811b

    • SHA1

      8a546dee8ca4f76c0675a0c95cf1e311faa3f454

    • SHA256

      6ffd88a2de38e3272945a434fd763ddd9a6285372b171765d11a26b9a81e0a85

    • SHA512

      a7cc2b6a58ebd836570121e1b0e373048ba7c4e44c1c02e0c759979b0bee8c0a8d8ab75d7a313bfb6dd6b22baf2d85f514f9c219168e10e98d9d0d1ef1f7c91d

    • SSDEEP

      1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+APIC:5Zv5PDwbjNrmAE+kIC

    • Target

      LimitedCheatsFiveM/Inject.exe

    • Size

      17.7MB

    • MD5

      157533ab88e43edd48102ed277114d5c

    • SHA1

      4d4032b1850573a7232d31c79df5777df9eff2e9

    • SHA256

      afbde90d61cb5cbd3770d2926e6e32bbb8ad713908d7db72bb46d72ad95f5d78

    • SHA512

      a14b7922f4877cee43417fa83a5e81ce80247c57ddd2290d8df81a4813693da84d923ecbe098af2bc77b8684df6f1abbf0894a61b78a782229f9323c28942416

    • SSDEEP

      393216:gqPnLFXlr7gQpDOETgsvfG9dg+3svEZPD5LU:hPLFXNEQoEe51Jd

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar profile data.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks