General
-
Target
WatchThigpjs.exe
-
Size
604KB
-
Sample
240522-qzt9radd76
-
MD5
5dc72471a3a544dfbd2ebd65fad3a403
-
SHA1
9d953d6402225705068713cb203a30f317f7cd31
-
SHA256
b04ffd94e39de8e648b97403afdb5747c453f6d20876920c2eb8d41f7453f537
-
SHA512
8db977c7e467caa30d260b2311a469746890c3b80f8718085e1d6d1117f2ed976a892409f6ca842c51c5ad10651f8e5dc950391fb08fb39fd7c5cdb237d6c720
-
SSDEEP
12288:TCQjgAtAHM+vetZxF5EWry8AJGy0y/DODruQ5EqwmIBet:T5ZWs+OZVEWry8AFBmDEqxIkt
Static task
static1
Behavioral task
behavioral1
Sample
WatchThigpjs.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
WatchThigpjs.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
discordrat
-
discord_token
MTI0MjgyODA0NTYzMTQ5MjE0Nw.GaK9_b.DkeSn-Pej4eo5IcrUmOmowhbH0dXKH8vZX3FZ4
-
server_id
1242477718638170204
Targets
-
-
Target
WatchThigpjs.exe
-
Size
604KB
-
MD5
5dc72471a3a544dfbd2ebd65fad3a403
-
SHA1
9d953d6402225705068713cb203a30f317f7cd31
-
SHA256
b04ffd94e39de8e648b97403afdb5747c453f6d20876920c2eb8d41f7453f537
-
SHA512
8db977c7e467caa30d260b2311a469746890c3b80f8718085e1d6d1117f2ed976a892409f6ca842c51c5ad10651f8e5dc950391fb08fb39fd7c5cdb237d6c720
-
SSDEEP
12288:TCQjgAtAHM+vetZxF5EWry8AJGy0y/DODruQ5EqwmIBet:T5ZWs+OZVEWry8AFBmDEqxIkt
Score10/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-