General
-
Target
FigmaDiscordPresenceSetup1.2.6.exe
-
Size
57.7MB
-
Sample
240517-slh1nsdf29
-
MD5
c1b0bf0da9420a7b18b875e354f7d1c2
-
SHA1
f70d18119738ab10b1ecf9e38b0ebc6bf4d3138d
-
SHA256
de698fc752eabbe55a1699f2978cd7da5ca791931279c10d84a7d305e4e06b6a
-
SHA512
24923dbbf88a5f9177629aa9a9e764d577e8549039d5dc61fa4b09c639a2b5f91d163702cb6f33590c5cea39b88eceedcddc147e8925920e397faca5438496b3
-
SSDEEP
1572864:P/t4XJatvBl/LE4HRUL+m/tKWb2BQkHQCXkjRMZI4:P/t4+//7RWjY02pkdQI4
Malware Config
Targets
-
-
Target
FigmaDiscordPresenceSetup1.2.6.exe
-
Size
57.7MB
-
MD5
c1b0bf0da9420a7b18b875e354f7d1c2
-
SHA1
f70d18119738ab10b1ecf9e38b0ebc6bf4d3138d
-
SHA256
de698fc752eabbe55a1699f2978cd7da5ca791931279c10d84a7d305e4e06b6a
-
SHA512
24923dbbf88a5f9177629aa9a9e764d577e8549039d5dc61fa4b09c639a2b5f91d163702cb6f33590c5cea39b88eceedcddc147e8925920e397faca5438496b3
-
SSDEEP
1572864:P/t4XJatvBl/LE4HRUL+m/tKWb2BQkHQCXkjRMZI4:P/t4+//7RWjY02pkdQI4
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
-
-
Target
$PLUGINSDIR/SpiderBanner.dll
-
Size
9KB
-
MD5
17309e33b596ba3a5693b4d3e85cf8d7
-
SHA1
7d361836cf53df42021c7f2b148aec9458818c01
-
SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93
-
SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298
-
SSDEEP
192:5lkE3uqRI1y7/xcfK4PRef6gQzJyY1rpKlVrw:5lkMBI1y7UKcef6XzJrpKY
Score1/10 -
-
-
Target
$PLUGINSDIR/StdUtils.dll
-
Size
100KB
-
MD5
c6a6e03f77c313b267498515488c5740
-
SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15
-
SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
-
SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
-
SSDEEP
3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score3/10 -
-
-
Target
$PLUGINSDIR/System.dll
-
Size
12KB
-
MD5
0d7ad4f45dc6f5aa87f606d0331c6901
-
SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457
-
SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
-
SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
-
SSDEEP
192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score3/10 -
-
-
Target
$PLUGINSDIR/WinShell.dll
-
Size
3KB
-
MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56
-
SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c
-
SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
-
SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
Score3/10 -
-
-
Target
Figma Discord Presence.exe
-
Size
129.9MB
-
MD5
c99f2452980656ad1e08adbbc9492b51
-
SHA1
79e3c90ac3c03d858830fbdc8f9bdd08e1abdc85
-
SHA256
9b23832a1a0214624ba446f4cf597f70134a37e1658d3f9ee2ee07eb3db17432
-
SHA512
f849ecdbe6f3e1cb456726f699bd73bac907e7baba34b07fa7f9980adfbbedc02b04f67bd83851dafe24e5bef99966b377efbfd74e0fa8603235ae30c5d5707b
-
SSDEEP
1572864:J6ckQr2SGDlw8h9DxUPh9hHV9nItmuT+2ibiE9TNGrAym:3Xulw8PDxUZI4Gg
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
-
-
Target
LICENSES.chromium.html
-
Size
5.1MB
-
MD5
6b84319ee8a0a0af690273d3d2dcbaf4
-
SHA1
857ca353e0582d100dcbc6cb6761bb4430d0cb90
-
SHA256
fc2a256467fb4d4ff72be6c423e5961e98b418554deeec296aded0e757b9a585
-
SHA512
26f9842bfdb429ef132cc1a930da9187071a339927eda402e8d54b5eb9e03067612cdadc3a2dad3d0977f8e6af18c05eab6ac91720221c6a0104f96638f85a8a
-
SSDEEP
24576:yd97B+mnLiLsrDy2VrErjKCqzkU98wwg3QeXuh:0P+mLAqHBCuRoeS
Score1/10 -
-
-
Target
d3dcompiler_47.dll
-
Size
4.3MB
-
MD5
7641e39b7da4077084d2afe7c31032e0
-
SHA1
2256644f69435ff2fee76deb04d918083960d1eb
-
SHA256
44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47
-
SHA512
8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5
-
SSDEEP
49152:aYlc/220PPiMLKam+VMrLi21f4i3jn5ZO3XUDmOZQwVd2uQpN3WsGVUWd55i/jrs:a6KD2Mrdaix4NQnLt
Score1/10 -
-
-
Target
ffmpeg.dll
-
Size
2.6MB
-
MD5
852816337ce93ed2106ff1eb6ac4a40c
-
SHA1
39f246f2f87110130625c08e9cf26de7a95b82a9
-
SHA256
d4c699ddc30c53bbdd6a172f1c58edd9ab160d7a3e846a639c48b4cb01dd91d8
-
SHA512
869b9c7528038a0e57a258df6c8fd0a9b135b701cc05f7cb91b60b3169e2974011425d442ab6babf538b82e62a70396c9216ac4805278cce935b29ccc9230d1b
-
SSDEEP
49152:+MnbcrH9v7eCZPxX+qzohT99hDoapghnshy43yBcxnyKbZtjB0HVEMGJSj/8NOt:LCZpX+q27saesDSjbt
Score1/10 -
-
-
Target
libEGL.dll
-
Size
429KB
-
MD5
44c15dbe05e89ecf596a2cd98952dd8c
-
SHA1
b5d1d3a704230131804e24ffe45ad26f76a48b80
-
SHA256
a1174dbcacc41ca6c27bbd30ae37daacce8685a89a4a61c68b47e646c458c2af
-
SHA512
4b12859d064c5284a417628bc3835a619bccd976eb695dff93d313c704c218479c6dad00020e2ab38c9fe8ea7ae856ab20248f9e2089d4f4e1a0c195cd8bfa17
-
SSDEEP
6144:s7Udu1o3YnElXvzYhRk9o+3Re3wpcOQy5n+U7dPs:GUdu1NElX7QR2osJ5+0P
Score1/10 -
-
-
Target
resources/app.asar.unpacked/node_modules/@bberger/win-info-fork/bin/win-info-darwin
-
Size
93KB
-
MD5
af7498d1ee1d02656ca2b09a4963401f
-
SHA1
530caed20d19cf639c1843b3247f7149a423499f
-
SHA256
eaadedb6559d9696ca23d92ecdb4d201a4d98104984dab54ff3a30da318bf196
-
SHA512
7789a156f55ae24a8e683667ddb3052c9680fef51366a6ff4b9381314f016c23e8c6cde58c5dd6e1e35bbbaf0bbf3fa26d020554f9cf417affc3b6277fce8e7c
-
SSDEEP
768:sAyO9C/PA/QOXsioxOh8mu38aCjwp+dgBr2JQEiXCcONIBIiI/IqMtfuxXJCLSoO:3OPA/Qgs5Ohi0jAA0w/aWpUSoO
Score4/10 -
-
-
Target
resources/app.asar.unpacked/node_modules/@bberger/win-info-fork/bin/win-info-win32.exe
-
Size
9KB
-
MD5
2b7e53841e42c84fec8f2fb0f5124b53
-
SHA1
6d2395256add0a5e47a32305701cea7f17846d62
-
SHA256
405d49104a0a69adc61a589d4e0f440d968bb5683efdabf5a1991ce7252a58b6
-
SHA512
2f65b0e20e610403c9a5f5e18ddb2db66157a5c9d0e7148b20c43f248f53f1d9ecd4af25169f713359eb97ad2252b1616e17775cc3529c412d014eff0cfa3b5f
-
SSDEEP
192:5R+20T3lw/ISseUGQmQUXdB5jd7KjhlI523pVd+q2EYa:y9THSsemXUXX5p1Vq2EZ
Score1/10 -
-
-
Target
resources/app.asar.unpacked/node_modules/@bberger/win-info-fork/bin/win-info-x11.js
-
Size
4KB
-
MD5
da0807212c8d781f51554d0970b39354
-
SHA1
31c43b9fb579543b543295cfc0b1ad35a05e35b8
-
SHA256
4131c9fbc8204dd096381d2e2b2b001c65815cce9f772d12568f94074969847b
-
SHA512
a535fa6d5cc22a59286642f233c5bff8023dcee9e61ab6ffe773fdf28d68d09caadc3046d5c442b51c63c801c79a68f8ed53b69fea4c99098d01c4b3bb445ee1
-
SSDEEP
96:U63BThNVO2iKarJNHI7iR4YyzeGueIBnrm06lszGYAftGxypQcLz6p8X/QeY:HRTjVO97J5KiSeZBnoWznAkUQcLe+PQL
Score3/10 -
-
-
Target
resources/app.asar.unpacked/node_modules/@bberger/win-info-fork/bin/win-info.js
-
Size
221B
-
MD5
0473527e0cf1e39b61efdfb0ea6804d9
-
SHA1
f3bca29b1f6afd7b3ba615b58ad115ad04fb5cf7
-
SHA256
592080f052c737c61a1072879caf6cfacdb41218cd74a7a98a0586e05c0e2bdc
-
SHA512
21eb0b4ea89541f9a089a409e2544dec5e181fd5fd67b1997670fabafc80f1225163182e80ef7eca334087d0918c25674f038a385b0fc79f90b25efda06875d6
Score3/10 -
-
-
Target
resources/app.asar.unpacked/node_modules/@bberger/win-info-fork/index.js
-
Size
2KB
-
MD5
4fa8a77e8a521670d13f8cb3f856f3b2
-
SHA1
9ed28a471f7c32c3156838e819f8305e99ab4405
-
SHA256
8923f8340f41990d4765ec8d134acfd89b3880f9dd109a942f4bfc209319a5cd
-
SHA512
37537e216aa0856a5ff5358b0688200838a06b9e9309951ae2c2bcaf5a7800e8ba65f606ca3ac752f7e7574f4b04584fa6eb5fe8fad29c92ef72db7e9ac22f14
Score3/10 -
-
-
Target
resources/app.asar.unpacked/node_modules/ps-list/index.js
-
Size
4KB
-
MD5
32385488335d3acbac238ae79c09256b
-
SHA1
6945ac03e7581574c5e9dc0b943d89f13eb6bc81
-
SHA256
fb267dc224440784ece7cac39c0143d79420a206ac8054d5cec1bc702a885a9c
-
SHA512
76fbdc4e34e68acdbac018c73d937a3da3cad307e417174f9b52db26959388d23f9bb502f9b4f64e44f62565d675dedaabb4f4f3b0f3dbae088b284c96a8bfbe
-
SSDEEP
96:jF327zAOQaZPXRe/hTfvBaAemtAW1We6mqdSRcsTbPXRYaEsMGUrMUinRboKI:hmrQQBeVfvlemBad+cABL+nwUORboKI
Score3/10 -