General
-
Target
d3af0683981a6be530dd33cfd2a162a6.jpg
-
Size
20KB
-
Sample
240430-t61xnaah7x
-
MD5
2517471b9c3e8da21618ea1fd035a258
-
SHA1
cf0fcdd45f599e4101329e9d3f0120e483b01c20
-
SHA256
b42a22b9b3e418aa85242fbd7abe2b5c0025cccef0a20440590fb9982a43b11b
-
SHA512
23585dabb595c17ac0a10fe787a70f8f33f0a1f7119f97110e28db3e88d147831dc96f6aaff705600916a75ac214908f5cebe06076e74e3173108ce617dcbd07
-
SSDEEP
384:hDqYAsQHCSVq9Wi/rZL0pgp/3XR2BL2SFHdYqKdZkr:1AsWrVQWEL0pgRHEZ26HudZO
Static task
static1
Behavioral task
behavioral1
Sample
d3af0683981a6be530dd33cfd2a162a6.jpg
Resource
win10v2004-20240419-en
Behavioral task
behavioral2
Sample
d3af0683981a6be530dd33cfd2a162a6.jpg
Resource
ubuntu2004-amd64-20240221-en
Malware Config
Extracted
discordrat
-
discord_token
MTIzNDQ1ODc2ODU0MTA5Mzk4OQ.G1TXa2.7oRt2Q-Qp8mSG4vpWmR5JEhhANuTxxOXzb_0uk
-
server_id
1191318589567934515
Targets
-
-
Target
d3af0683981a6be530dd33cfd2a162a6.jpg
-
Size
20KB
-
MD5
2517471b9c3e8da21618ea1fd035a258
-
SHA1
cf0fcdd45f599e4101329e9d3f0120e483b01c20
-
SHA256
b42a22b9b3e418aa85242fbd7abe2b5c0025cccef0a20440590fb9982a43b11b
-
SHA512
23585dabb595c17ac0a10fe787a70f8f33f0a1f7119f97110e28db3e88d147831dc96f6aaff705600916a75ac214908f5cebe06076e74e3173108ce617dcbd07
-
SSDEEP
384:hDqYAsQHCSVq9Wi/rZL0pgp/3XR2BL2SFHdYqKdZkr:1AsWrVQWEL0pgRHEZ26HudZO
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-