General

  • Target

    Discord-Leaks.zip

  • Size

    138.6MB

  • Sample

    240501-qhh56aff4v

  • MD5

    3198395e2f1020b831fadbc0f11697a8

  • SHA1

    5db79b28206977625d2b1708aba6d154500082ef

  • SHA256

    a4704b7ba12271b428693f4758ee9e829de8be98e31c66362affa951a2ef0037

  • SHA512

    007f73d9bce43342610a1bd746b84d2ab67398c67c219cf79675df671159b9d3c59afc26c467a2f0a0cde6d951f895ab72cbbef0394f36259e84f1bb314acfa0

  • SSDEEP

    3145728:7IHkLlnPaH5kL4IqZxO1xrUIhMoUIhMraf/0:qqPu5ZSx15qaf/0

Malware Config

Targets

    • Target

      DiscoBot v2 By Psy\DiscoBotV2.exe

    • Size

      557KB

    • MD5

      0e869f3d8623a7a58b87f4f53a13da6f

    • SHA1

      553dfc8a31171ff211f70fa36e55baf82aaf16bc

    • SHA256

      2dbc83a8d9f495ec5223247ca85f749924cb28815a7e10bb55e0a12760043495

    • SHA512

      79ae1112b00969080b2373480284d0c187b99be8e024441d676429ca3eedf1ad2192071b5c6ee3e4bed192bcf3b81f7b87dbc88c19763f73592a98b60c68080b

    • SSDEEP

      6144:HfK1wAwYSeq1cLYeYTupswPB04knP3MOrWqKXiMAOF964+kv69jR3ZSjv:HfK1wAwDt1YYeYTuGwPBZkuXbPU4ej3

    • Score

      7/10

    • Executes dropped EXE

    • Target

      DiscoBot v2 By Psy\bin32.lib

    • Size

      238KB

    • MD5

      4e6a7ee0e286ab61d36c26bd38996821

    • SHA1

      820674b4c75290f8f667764bfb474ca8c1242732

    • SHA256

      f67daf4bf2ad0e774bbd53f243e66806397036e5fde694f3856b27bc0463c0a3

    • SHA512

      f9d99d960afce980421e654d1d541c1fdb81252615c48eed5c4a5c962cb20123d06dbdf383a37a476aa41e4ffabca30e95a8735739c35f66efbaa1dee8a9ba8a

    • SSDEEP

      3072:6sGTNBBPt3lBtx5ebLDCc0p00JakwEn0ZtAq0nHHdNwooe+6t3ieCx9UWPrcFw+z:ID5t3lBrGdkwFi3HHdN1Zt9CxVgeH

    • Score

      1/10

    • Target

      DiscoBot v2 By Psy\database32.lib

    • Size

      544KB

    • MD5

      c58ef800605de9e81a4769d9c18c1661

    • SHA1

      592579ca1abaf34e8c36b7813a90394252ea607d

    • SHA256

      e76aeda70863248055b4a10b74de4ab4bae73d6769f02cca1d499be99cac577d

    • SHA512

      e114b10d3dc2ce6fceab8a5e35c1e5f5ea104e9d852ebe3afe5cd677d678a0c97f4f044a01123db904f01bf1ed7b17347e9c64954ea100f723789ce52900bb77

    • SSDEEP

      3072:x4xth47faQTv9Ni984XB3tPu047faQTv9Ni984XB3tPug:xqH4+kv69jR3ZP4+kv69jR3Z

    • Score

      1/10

    • Target

      DiscoBot v2 By Psy\libcef.lib

    • Size

      211KB

    • MD5

      59238144771807b1cbc407b250d6b2c3

    • SHA1

      6c9f87cca7e857e888cb19ea45cf82d2e2d29695

    • SHA256

      8baa5811836c0b4a64810f6a7d6e1d31d7f80350c69643dc9594f58fd0233a7b

    • SHA512

      cf2f8b84526ae8a1445a2d8a2b9099b164f80a7b7290f68058583b0b235395d749ad0b726c4e36d5e901c18d6946fd9b0dd76c20016b65dc7a3977f68ee4a220

    • SSDEEP

      3072:CFITGLr+kmeUE2+YA8zuxD1gb/uVVohUFVEovODl9ply5nk/7K1bjT5h3qs:CbLUEkAtvaumhUXvwl9P62

    • Score

      1/10

    • Target

      Discord Account Generator v2\_discordgenerator.exe

    • Size

      369KB

    • MD5

      7859238c2002b9d8a7f4588c32308bd2

    • SHA1

      b8f799f0895db4b8ce921846238e33f3726b9016

    • SHA256

      0f733d73c14e476584e9809ffd0469bd572be5692f43ea0aef5f418b30c375ca

    • SHA512

      60da73cbac065f182085eaed6e3a0e7d603fd6e48545467882a7b353442043d71625759584629a2fd8b455105b1cd9709a00a3c78087d44a70ae60ecb96af3a5

    • SSDEEP

      6144:CfKBwAwg6eqlcT8eYTu5swPB04knP3MOrWqjX2MAOGBk9jVv:CfKBwAwjtlg8eYTuWwPBZkvX/oS9

    • Score

      7/10

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      Discord Account Generator v2\chromedriver.exe

    • Size

      10.2MB

    • MD5

      7ecc26c832c07b00d32e0b9c9360c3a7

    • SHA1

      37f69d14425297132beeffdf705fd61d981086a7

    • SHA256

      37c78987cd4bd112f15a22e22cf42ecf315dc4179b4ac8332e3b0a9d167a4d91

    • SHA512

      7e0e6bba05f2dd063fe4cf256a1dce5de7ae88eae3d80059c2631f75b0febbb70c830872cbdaca75cbc7e960bb2f4b6d8d37efadab3a98fbc547d3bf3b6a0fd0

    • SSDEEP

      196608:U0TLrXoGaJINYI5lEZSmdXhnDaATPz/VDnV:U030GaUzEsKxnGATPz/VDV

    • Score

      1/10

    • Target

      Discord Account Generator v2\data32.dll

    • Size

      13.2MB

    • MD5

      3a49c6ce407d3b7757c99bd6d6af8724

    • SHA1

      0793415a29df3b80ed1652b804c142fd07432e73

    • SHA256

      9bcf497f05bd39935654dc7b92af299794a3f6fad83a37f2fbfc097b664645c5

    • SHA512

      8efeb1a4d77527d234a6777c8324f19a61d3a0f012d1171620ef240f24c076a503a3dfcdd91b7239e69b8e5554bea330e663773d8a6e38d485e0bc2b8fb60747

    • SSDEEP

      393216:IVm9jIg3Mf+WJno10MzU1oFw4EHykhp3kWGCjuq:IV2W++oiMzQn1hZKCjuq

    • Score

      7/10

    • Loads dropped DLL

    • Target

      Discord Account Generator v2\database32.lib

    • Size

      238KB

    • MD5

      4e6a7ee0e286ab61d36c26bd38996821

    • SHA1

      820674b4c75290f8f667764bfb474ca8c1242732

    • SHA256

      f67daf4bf2ad0e774bbd53f243e66806397036e5fde694f3856b27bc0463c0a3

    • SHA512

      f9d99d960afce980421e654d1d541c1fdb81252615c48eed5c4a5c962cb20123d06dbdf383a37a476aa41e4ffabca30e95a8735739c35f66efbaa1dee8a9ba8a

    • SSDEEP

      3072:6sGTNBBPt3lBtx5ebLDCc0p00JakwEn0ZtAq0nHHdNwooe+6t3ieCx9UWPrcFw+z:ID5t3lBrGdkwFi3HHdN1Zt9CxVgeH

    • Score

      1/10

    • Target

      Discord Account Generator v2\libcef.lib

    • Size

      211KB

    • MD5

      59238144771807b1cbc407b250d6b2c3

    • SHA1

      6c9f87cca7e857e888cb19ea45cf82d2e2d29695

    • SHA256

      8baa5811836c0b4a64810f6a7d6e1d31d7f80350c69643dc9594f58fd0233a7b

    • SHA512

      cf2f8b84526ae8a1445a2d8a2b9099b164f80a7b7290f68058583b0b235395d749ad0b726c4e36d5e901c18d6946fd9b0dd76c20016b65dc7a3977f68ee4a220

    • SSDEEP

      3072:CFITGLr+kmeUE2+YA8zuxD1gb/uVVohUFVEovODl9ply5nk/7K1bjT5h3qs:CbLUEkAtvaumhUXvwl9P62

    • Score

      1/10

    • Target

      Discord Agora's Token Checker\CefSharp.cfg

    • Size

      24KB

    • MD5

      bfabb4e783179cc57854378a15fde018

    • SHA1

      81f696fa502cdecac1d2ef8d3bb0fabe73fb805d

    • SHA256

      12d2a92de5d6e2e31c65fcc4d31ebc0242e1e47e96522d2094933b0ac7a524e9

    • SHA512

      fc029f47c5543b0930999d78390f81cd3ffe5af9719233cf1cb1eb9e57a9b41ab8093ab1d6c5e915943385aecc67c374b5e786e3c2a71865fbf98b1628bb55f2

    • SSDEEP

      384:Qviz6a0bo6W1UuZURKRyeL7PtqM7Iyx/YFaBhHUbyNYc1sU4QKM:uqN0bdNuGRKRyIbtqef3Bh02pt4QKM

    • Score

      1/10

    • Target

      Discord Agora's Token Checker\Token Checker.exe

    • Size

      319KB

    • MD5

      f4c39568f3378d28599e4bc6cc86335e

    • SHA1

      4b1e5a4759515d7c6c64a2cbf28b92e8acd65e31

    • SHA256

      50a3222cf13d54e636642a3a6e651e807a6227d3f7d6b70c4c0c98ea1e815f37

    • SHA512

      35f90c69d6cfda7a64fbf8b636306d9c14d675225b5d767669e1b61b7f72908612c2bc3f270eb2818e338ae4a3b818a349ff6b22e1bb97da9f492bde4095878f

    • SSDEEP

      6144:cfKFwAw4ieq+cDguYTu08bPBhukn7HMeEW3dtAO/1Dtf31iv:cfKFwAwTt+wguYTuvbPB0klVlR

    • Score

      7/10

    • Executes dropped EXE

    • Target

      Discord Agora's Token Checker\bin32.lib

    • Size

      238KB

    • MD5

      4e6a7ee0e286ab61d36c26bd38996821

    • SHA1

      820674b4c75290f8f667764bfb474ca8c1242732

    • SHA256

      f67daf4bf2ad0e774bbd53f243e66806397036e5fde694f3856b27bc0463c0a3

    • SHA512

      f9d99d960afce980421e654d1d541c1fdb81252615c48eed5c4a5c962cb20123d06dbdf383a37a476aa41e4ffabca30e95a8735739c35f66efbaa1dee8a9ba8a

    • SSDEEP

      3072:6sGTNBBPt3lBtx5ebLDCc0p00JakwEn0ZtAq0nHHdNwooe+6t3ieCx9UWPrcFw+z:ID5t3lBrGdkwFi3HHdN1Zt9CxVgeH

    • Score

      1/10

    • Target

      Discord Agora's Token Checker\libcef.lib

    • Size

      211KB

    • MD5

      59238144771807b1cbc407b250d6b2c3

    • SHA1

      6c9f87cca7e857e888cb19ea45cf82d2e2d29695

    • SHA256

      8baa5811836c0b4a64810f6a7d6e1d31d7f80350c69643dc9594f58fd0233a7b

    • SHA512

      cf2f8b84526ae8a1445a2d8a2b9099b164f80a7b7290f68058583b0b235395d749ad0b726c4e36d5e901c18d6946fd9b0dd76c20016b65dc7a3977f68ee4a220

    • SSDEEP

      3072:CFITGLr+kmeUE2+YA8zuxD1gb/uVVohUFVEovODl9ply5nk/7K1bjT5h3qs:CbLUEkAtvaumhUXvwl9P62

    • Score

      1/10

    • Target

      Discord Checker by xPolish\Discord Checker.exe

    • Size

      302KB

    • MD5

      c4b021b3e7ab1dcf60f9bc6f4a7feff0

    • SHA1

      1902ff9f85a47bfdba579d84946b9e25b5409619

    • SHA256

      0fbc104caeca5c94e7039a1449e681c7a948e71aefe29918108afb402335cfd1

    • SHA512

      345ebeebf879f165f3bb1c8a7daf3c7fa9e54737c82e142fdeab242a3b19c98827c5f46cf1b6f65a533501986e2a20a534e89759285eda2cf77ee26ca743aef5

    • SSDEEP

      6144:afKJwAwYaeqGc7IuYTuU8bPBhukn7HMeEW3ptAO79Pav:afKJwAwjtGoIuYTuPbPB0k1B

    • Score

      7/10

    • Executes dropped EXE

    • Target

      Discord Checker by xPolish\Qt5Core.dll

    • Size

      238KB

    • MD5

      4e6a7ee0e286ab61d36c26bd38996821

    • SHA1

      820674b4c75290f8f667764bfb474ca8c1242732

    • SHA256

      f67daf4bf2ad0e774bbd53f243e66806397036e5fde694f3856b27bc0463c0a3

    • SHA512

      f9d99d960afce980421e654d1d541c1fdb81252615c48eed5c4a5c962cb20123d06dbdf383a37a476aa41e4ffabca30e95a8735739c35f66efbaa1dee8a9ba8a

    • SSDEEP

      3072:6sGTNBBPt3lBtx5ebLDCc0p00JakwEn0ZtAq0nHHdNwooe+6t3ieCx9UWPrcFw+z:ID5t3lBrGdkwFi3HHdN1Zt9CxVgeH

    • Score

      1/10

    • Target

      Discord Checker by xPolish\lib32.cfg

    • Size

      10KB

    • MD5

      e49ee50340be88a9e04548bec6270c08

    • SHA1

      8fa3ac2f1dc23a06f3a93c98b8a3461b450ef977

    • SHA256

      edeea658bdb634b6b5aaf9b230e44b6d2c9ffb749f54041323fbbb7de27387b1

    • SHA512

      25f59a704b2da5caf790e5448edb8fea8cb272149811bad3e17b029a45e5642981dbedb1f8518b6f9aa15371e7b3d58baa53fc84c44d988c54d2e4d9381aef01

    • SSDEEP

      192:CRtltBtLvkuzF3GYyt/xk9RBZ5AfnZFvnDnuKj24hM09UxKD:alx7x3Ryt/Ix+fn/vh9M09UxK

    • Score

      1/10

    • Target

      Discord Checker by xPolish\libcef.lib

    • Size

      211KB

    • MD5

      59238144771807b1cbc407b250d6b2c3

    • SHA1

      6c9f87cca7e857e888cb19ea45cf82d2e2d29695

    • SHA256

      8baa5811836c0b4a64810f6a7d6e1d31d7f80350c69643dc9594f58fd0233a7b

    • SHA512

      cf2f8b84526ae8a1445a2d8a2b9099b164f80a7b7290f68058583b0b235395d749ad0b726c4e36d5e901c18d6946fd9b0dd76c20016b65dc7a3977f68ee4a220

    • SSDEEP

      3072:CFITGLr+kmeUE2+YA8zuxD1gb/uVVohUFVEovODl9ply5nk/7K1bjT5h3qs:CbLUEkAtvaumhUXvwl9P62

    • Score

      1/10

    • Target

      Discord Checker by xPolish\xNet.dll

    • Size

      99KB

    • MD5

      bf1f76644bddd20339548ebacf7a48eb

    • SHA1

      38114702114105eb3df3f74bf4c68ef7db436f47

    • SHA256

      5d9c2b1822bcaa71ddeaa5426d4312d8e174766ae8864c7add29d7f44cea87f2

    • SHA512

      76132c9e29a0a3054cd41c56d5184951d392a2abd1995e14b34c40f14b154914a6990c107e7fcf4139344759ae6048e9ecf0bdaf0447c1cd589dfacbf901b7c5

    • SSDEEP

      3072:sCMhzHWHfyqxjqCgRGAQIO7ScwpY3wisz0YsXhqnV+xnEd4:sCM52n4RSVPwIhqnV+xnEd

    • Score

      1/10

    • Target

      Discord Nitro - TZCracking\Discord Nitro - TZ Cracking.exe

    • Size

      369KB

    • MD5

      6df6a6b7ae7292ed3a7cebb49f68f00a

    • SHA1

      5d58a92d80e01beb0c9502d694c80d64d75d7dcf

    • SHA256

      3e28f62f67ec3b058373eb9457081859fd40343b79e3a54c6319709898376cf3

    • SHA512

      805fc7fb44a1c941c7fa70a646ae661d493693e11cd58af9e286e8d54b8e930e083ea442b78416c19c15bc5c3912f3edcb308777bce0d551bb6339e372df30a3

    • SSDEEP

      6144:ifKRwAwg6eqlcT8eYTu5swPB04knP3MOrWqgX2MAOUBnVv:ifKRwAwjtlg8eYTuWwPBZkEX/y

    • Score

      7/10

    • Executes dropped EXE

    • Target

      Discord Nitro - TZCracking\Leaf.xNet.dll

    • Size

      148KB

    • MD5

      6f4784273e0e378ecf86acc62a5e8005

    • SHA1

      baaa02a81a32c2199a60c273b5cdd451820fa360

    • SHA256

      2a5e234423cf8a275e0dc6127c94f53f0e3c6916704fcff40d0ada105ab13e8e

    • SHA512

      bab8bb64835585c6f5b92a530c59f67597ac2828d5374fc467cb7755ff5d3d5876b72c3af964f34e51b07a2c666cede3bbd5bc095deaf2117154b62ecd45d4c4

    • SSDEEP

      3072:hZR1CfC8ogv6eNJkvHCHgTveD6Lj/9YPdZhttaMXM4d5Td:/JPeLkPAgTvedf

    • Score

      1/10

    • Target

      Discord Nitro - TZCracking\Qt5Core.cfg

    • Size

      238KB

    • MD5

      4e6a7ee0e286ab61d36c26bd38996821

    • SHA1

      820674b4c75290f8f667764bfb474ca8c1242732

    • SHA256

      f67daf4bf2ad0e774bbd53f243e66806397036e5fde694f3856b27bc0463c0a3

    • SHA512

      f9d99d960afce980421e654d1d541c1fdb81252615c48eed5c4a5c962cb20123d06dbdf383a37a476aa41e4ffabca30e95a8735739c35f66efbaa1dee8a9ba8a

    • SSDEEP

      3072:6sGTNBBPt3lBtx5ebLDCc0p00JakwEn0ZtAq0nHHdNwooe+6t3ieCx9UWPrcFw+z:ID5t3lBrGdkwFi3HHdN1Zt9CxVgeH

    • Score

      1/10

    • Target

      Discord Nitro - TZCracking\database32.cfg

    • Size

      237KB

    • MD5

      b28622fe47a449335e479e706bacf810

    • SHA1

      72ab7f6301513bd022025297ae8f2d71fc97e1eb

    • SHA256

      ebd39c887b159c5adc0f1104551422ffea382c24b2dfa1d7b41a2a94b3a967e4

    • SHA512

      0b67f7a4bf26597a5549cf1d0fe37a5e8c22ef62c6fe442bba0eeedc690fd5dae660855a697c32122540122ed2dcb6311237dacb013aeac6baa84409205bcd8d

    • SSDEEP

      3072:36eSqMyjkxSOElhbLlJcvYYQfOa+8MRT5ZG5thwm3:3wEl1pJNjgm

    • Score

      1/10

    • Target

      Discord Nitro - TZCracking\libcef.lib

    • Size

      211KB

    • MD5

      59238144771807b1cbc407b250d6b2c3

    • SHA1

      6c9f87cca7e857e888cb19ea45cf82d2e2d29695

    • SHA256

      8baa5811836c0b4a64810f6a7d6e1d31d7f80350c69643dc9594f58fd0233a7b

    • SHA512

      cf2f8b84526ae8a1445a2d8a2b9099b164f80a7b7290f68058583b0b235395d749ad0b726c4e36d5e901c18d6946fd9b0dd76c20016b65dc7a3977f68ee4a220

    • SSDEEP

      3072:CFITGLr+kmeUE2+YA8zuxD1gb/uVVohUFVEovODl9ply5nk/7K1bjT5h3qs:CbLUEkAtvaumhUXvwl9P62

    • Score

      1/10

    • Target

      Discord Token Checker ULTRA by zoony\DXCore.dll

    • Size

      83KB

    • MD5

      345e29f3359094b5049bb23a4a340cbf

    • SHA1

      022177bbaa8d82c89d7802173a93c30730a41587

    • SHA256

      6a466fe74c46f084fd537e1212bf4095ade29b31bdbd8f4c8084a896dac9368a

    • SHA512

      5deb879111249e4a7f9113779f6859af91a35763f4d50d8c9957cdde9aa1fb6052b28e2a03fb4202b86d586253bd078a574e0e3116c1f1e76be9f4792ca5f441

    • SSDEEP

      1536:jmZfBVfvf4Vbs2bIxpJrePojhsafI3tyRDLavK8cNeu3UHh366MQ0hoxrK1sBpP2:KZfXA57bIxST3eDLvkHh3XMZhcK1ee

    • Score

      3/10

    • Target

      Discord Token Checker ULTRA by zoony\Discord Token Checker ULTRA by zoony.exe

    • Size

      363KB

    • MD5

      078b187990d81924cc6e1ad2473aa420

    • SHA1

      e2cee975a572ca8163981ba87fd273d1d7fb8498

    • SHA256

      66a482b7c0771398a194ca9997c992d6afb8a38fb3486ccae289d28f4fb1aa51

    • SHA512

      881d1b66433d33cf951fb9ca81647aaa11ba13e91df48c4f62f1ec47627d7212848f352b0a858a0fd58fd11d47fcc2e2ec9e0423b152d6527d2d892e70985b26

    • SSDEEP

      6144:6fKZwAwAaequcDMuYTuM8bPBhukn7HMeEW3utAO9hpwU/f9pz5JHQv:6fKZwAwjtuwMuYTuHbPB0kG3Nzz5J

    • Score

      7/10

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      Discord Token Checker ULTRA by zoony\data.bin

    • Size

      6.3MB

    • MD5

      97fbf255d6e9a72980b0a003e59dd4ff

    • SHA1

      9d7cb226681db7dfdd819bab0fdf943c6018cab1

    • SHA256

      0d7a75de4dc9c443248ae49519eaddac296a993ee04cf5776f130684d436a28e

    • SHA512

      91eaa386457e04994d2d7ab02e8fa7a8a8da2981bb3a9cac6fb380263d8efe736eba43a07a9ba2c5e65a0ff056c6daf488c17fa698eb4588ef62c10b11a2e9dc

    • SSDEEP

      196608:X0dUbNJAT8UXlVhZiYofG7rYnEuDY5GiR:kdcvrUXNZhGaMnEu2

    • Score

      7/10

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      Discord Token Checker ULTRA by zoony\libGLESV2.lib

    • Size

      238KB

    • MD5

      4e6a7ee0e286ab61d36c26bd38996821

    • SHA1

      820674b4c75290f8f667764bfb474ca8c1242732

    • SHA256

      f67daf4bf2ad0e774bbd53f243e66806397036e5fde694f3856b27bc0463c0a3

    • SHA512

      f9d99d960afce980421e654d1d541c1fdb81252615c48eed5c4a5c962cb20123d06dbdf383a37a476aa41e4ffabca30e95a8735739c35f66efbaa1dee8a9ba8a

    • SSDEEP

      3072:6sGTNBBPt3lBtx5ebLDCc0p00JakwEn0ZtAq0nHHdNwooe+6t3ieCx9UWPrcFw+z:ID5t3lBrGdkwFi3HHdN1Zt9CxVgeH

    • Score

      1/10

    • Target

      Discord Token Checker ULTRA by zoony\libcef.lib

    • Size

      211KB

    • MD5

      59238144771807b1cbc407b250d6b2c3

    • SHA1

      6c9f87cca7e857e888cb19ea45cf82d2e2d29695

    • SHA256

      8baa5811836c0b4a64810f6a7d6e1d31d7f80350c69643dc9594f58fd0233a7b

    • SHA512

      cf2f8b84526ae8a1445a2d8a2b9099b164f80a7b7290f68058583b0b235395d749ad0b726c4e36d5e901c18d6946fd9b0dd76c20016b65dc7a3977f68ee4a220

    • SSDEEP

      3072:CFITGLr+kmeUE2+YA8zuxD1gb/uVVohUFVEovODl9ply5nk/7K1bjT5h3qs:CbLUEkAtvaumhUXvwl9P62

    • Score

      1/10

    • Target

      Discord Token Checker ULTRA by zoony\secproc.dll

    • Size

      338KB

    • MD5

      c72b72a6f2eb72bc6dd0a2a2164e02e3

    • SHA1

      18825cc35e84e960c3c26e23f99fdc80bf346632

    • SHA256

      b008544fc732a9c05a1479a2631dbe005e24b69c4abc2922ec7bd87337b76644

    • SHA512

      0b73040f80a477b307efa6ca2baa2d8bac7e203b8a23d7e3e5b7daaedc1940778b805e3fbed5c12cf6516f09e243f77a55c404bf2c12b6ee6288f7b2a80f5f98

    • SSDEEP

      6144:BPefh6YmnoVPDVYITi3KxtLtOLbWUOGR3JZaYE8z0U3twy/8J:BPefhX1VYITi3KxtQeZGR3dCU3twyk

    • Score

      1/10

    • Target

      Discord-Account-Backup\Discord Backup.exe

    • Size

      361KB

    • MD5

      2e1129e55613b84316fcaef22094abad

    • SHA1

      567a9d01991a7a95f2c9168e82aaed4259c6b323

    • SHA256

      daa4cc1b2761bc55091a2f27d72c5e14f8a820788b6bd4ac316e34098168ec9b

    • SHA512

      5234daf9d0e43f24c72f2d5e01c3e0c98138df5bf00b43aa443010404cf78f63025ac2fe65c893e0f0e4c5770bdd27e2136e4e8f4aa665f1368b6d83e29f8cb4

    • SSDEEP

      6144:IfKBwAwg6eqlcT8eYTu5swPB04knP3MOrWq+X2MAO+BQBD086QXhaasQuPTVv:IfKBwAwjtlg8eYTuWwPBZkCX/QSDd6SY

    • Score

      7/10

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      Discord-Account-Backup\Qt5Core.lib

    • Size

      8.5MB

    • MD5

      f2df8e03979c1838bd1a2b5f607c2565

    • SHA1

      743a6cc93af2dde299a45543c1ba33feb3daa213

    • SHA256

      e22f255c1bed5062bdb103aae18a053bcbfec4f9f16f9368bdbaba0b36ed71a6

    • SHA512

      eb1f5b6cadc37f91bab7fa8ca71bb871c7c3d192a069bf2e96720f330f31c1feb625ad5b0ea4c3584a2855da140a0fbe81ea6b063b0ea0ef4ccf6905ad37ae19

    • SSDEEP

      196608:HwvgaFyn/RNrlHAjoG+IGCsXDjDyf1dJolpPgToa10/UFOnJyJhK3bMyMnM:OPFCZxlHOFGCEDkJ83a10Msu6bbMM

    • Score

      7/10

    • Loads dropped DLL

    • Target

      Discord-Account-Backup\database32.lib

    • Size

      238KB

    • MD5

      4e6a7ee0e286ab61d36c26bd38996821

    • SHA1

      820674b4c75290f8f667764bfb474ca8c1242732

    • SHA256

      f67daf4bf2ad0e774bbd53f243e66806397036e5fde694f3856b27bc0463c0a3

    • SHA512

      f9d99d960afce980421e654d1d541c1fdb81252615c48eed5c4a5c962cb20123d06dbdf383a37a476aa41e4ffabca30e95a8735739c35f66efbaa1dee8a9ba8a

    • SSDEEP

      3072:6sGTNBBPt3lBtx5ebLDCc0p00JakwEn0ZtAq0nHHdNwooe+6t3ieCx9UWPrcFw+z:ID5t3lBrGdkwFi3HHdN1Zt9CxVgeH

    • Score

      1/10

MITRE ATT&CK Matrix (ATT&CK v13)

Discovery

System Information Discovery (T1082): 7

Command and Control

Web Service (T1102): 2

Tasks

static1

Tags: qrlink, pyinstaller, privateloader

Score
10/10

behavioral1

Score
7/10

behavioral2

Score
1/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
7/10

behavioral6

Score
1/10

behavioral7

Score
7/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
7/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
7/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
7/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
3/10

behavioral25

Score
7/10

behavioral26

Score
7/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
7/10

behavioral31

Score
7/10

behavioral32

Score
1/10