General
Target: Discord Token Generator.exe
Size: 15.1MB
Sample: 240428-pyy1wage2s
MD5: 8113a813f30e23b7da6080aba9081abc
SHA1: cc3d6e5d8494b10e08608caeed84bc85aa5f9c7d
SHA256: 90f6a8da8c569ed6408f14af4b6657fbd07b920c92b82afe66d0073ff699865e
SHA512: 1b1ab8ecccee22add867767e9c1a7e0abc86edbb48257de37cf9b698fe57015dec3c91949f80c032592df73e6360f4a48dde46ef0c58fb4c8a05ec6bbb05d05d
SSDEEP: 393216:X9hbkkP1dwCteW6EW3imtykJQlpYKoV3Wj3+tI:X9hbr19te3rEU0ToV3Wj
Malware Config
Targets
Target: Discord Token Generator.exe
- Loads dropped DLL
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger