General
-
Target
83ff41f5ac07fcd96bcfe6cea3b585e9d13ad81f35ffac0c2f10a3a891e71ead
-
Size
490KB
-
Sample
240425-ndg17aab63
-
MD5
4f66d83ac5cd767b5d651fc7303e031d
-
SHA1
2de6b6dcc979bed6905ea3d9514f6599c2cf2184
-
SHA256
83ff41f5ac07fcd96bcfe6cea3b585e9d13ad81f35ffac0c2f10a3a891e71ead
-
SHA512
ee66b6f5024d57965d96a4420e15d7aef133005d4aaca254bc6ab0796174a9114c9180f5eb098486ed940c32306cfbe361af156cfa75f9d9f1145807240617fd
-
SSDEEP
12288:pToPWBv/cpGrU3yyK2ToKLk7xCh6Wjgnu:pTbBv5rUVjTouk7xQ6Wjgu
Static task
static1
Behavioral task
behavioral1
Sample
83ff41f5ac07fcd96bcfe6cea3b585e9d13ad81f35ffac0c2f10a3a891e71ead.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
83ff41f5ac07fcd96bcfe6cea3b585e9d13ad81f35ffac0c2f10a3a891e71ead.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
discordrat
-
discord_token
MTIyOTQxMzUwMjU5MTE3NjcyNg.G9KrjP.D-XUbbPM5RZnvYvC1sooWa_RQE0mmSjhRciaaA
-
server_id
1229419379473649684
Targets
-
-
Target
83ff41f5ac07fcd96bcfe6cea3b585e9d13ad81f35ffac0c2f10a3a891e71ead
-
Size
490KB
-
MD5
4f66d83ac5cd767b5d651fc7303e031d
-
SHA1
2de6b6dcc979bed6905ea3d9514f6599c2cf2184
-
SHA256
83ff41f5ac07fcd96bcfe6cea3b585e9d13ad81f35ffac0c2f10a3a891e71ead
-
SHA512
ee66b6f5024d57965d96a4420e15d7aef133005d4aaca254bc6ab0796174a9114c9180f5eb098486ed940c32306cfbe361af156cfa75f9d9f1145807240617fd
-
SSDEEP
12288:pToPWBv/cpGrU3yyK2ToKLk7xCh6Wjgnu:pTbBv5rUVjTouk7xQ6Wjgu
Score10/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-