General
Target: 762b7762f589d9c3bbf8d05245ab043f6bf98369600451f911c83f9fed3bab20
Size: 650KB
Sample: 240504-tp3pxsdg88
MD5: 41177aaae97b728d3ef8281563bdaf34
SHA1: 217586ee4699157434f1568e6eee180690c5750c
SHA256: 762b7762f589d9c3bbf8d05245ab043f6bf98369600451f911c83f9fed3bab20
SHA512: 01e6ba88d026818e3008b31bc3a359e6fa636ab966b762d67c7c32f5e7c29b0b187ad2259304f7ac5a1583a4684ea0bb9e7252ec3c16d711703aff633533fc5a
SSDEEP: 12288:9BdlwHRn+WlYV+Y2M1Hh4OiR8aFXW/tmxjnedOQxOAfjrFaE:9BkVdlYAfJb/FXWgxjFQxOIrFaE
Static task: static1
Behavioral task: behavioral1
Sample: 762b7762f589d9c3bbf8d05245ab043f6bf98369600451f911c83f9fed3bab20.exe
Resource: win7-20240220-en
Behavioral task: behavioral2
Sample: 762b7762f589d9c3bbf8d05245ab043f6bf98369600451f911c83f9fed3bab20.exe
Resource: win10v2004-20240419-en
Malware Config
Extracted
discordrat
discord_token: MTIzMTYwODkyMTQwODY3MTgyNg.GyU5wW.z4dEi7ijUjrOfjBxpMvtoxwuv6X1yAlQjvlIuU
server_id: 1231610037986922578
Targets
Target: 762b7762f589d9c3bbf8d05245ab043f6bf98369600451f911c83f9fed3bab20
Score: 10/10
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2