2566a0af260133c3a0d0e29d3c27264c736fd6c51224df28c8a6831314a832a7

Sharing

Copy URL

Twitter E-mail

General

Target

DiscordChatExporter (2).zip
Size

4.3MB
Sample

240523-fvmn1aeg9v
MD5

68d60ab121055077d286b64a7019a4fa
SHA1

38301233e47bab1f05873241d462a3fe664ebd24
SHA256

2566a0af260133c3a0d0e29d3c27264c736fd6c51224df28c8a6831314a832a7
SHA512

9ff411d1e891952caa96bae97768e9575f72381c11b55833ffd1dc257176059fa48776d49651dee5b131b843c3f8d5f30aed73d8243b8d3a0ea6b746f4b23119
SSDEEP

98304:XMqUW+xDUVcMlA3o9KkHEYbiqt0rchCvgJNFsEWVs2b0t+u3cLaUQ:X4W+xGcMYo9KNYbFt0GCeFsJsw0t+u3z

Score

8^/10

discovery

Malware Config

Targets

- Target
  
  AdvancedStringBuilder.dll
- Size
  
  10KB
- MD5
  
  d7e4771bf385f74f7558f687eb2ac9d3
- SHA1
  
  2d0f29f5b16efdce2eb5064a2411f4ea76dc3af0
- SHA256
  
  e26665301f4be30ffd2d8d4996258db8b0cd868a3a104556606e2e8751b36e9c
- SHA512
  
  12f04be9c0f97ab6bd036b18d967acfc354f6eb9db4e92d5e58819251cf00b79eb4e53236486c13b009d781a9444cfd79032c1be79438265ee8cb0d791390228
- SSDEEP
  
  192:GmXRbiRj9UMwU+FvaNs7ocRaIw+5ONROEeaSiSJZif5z2FFE56iyXulaWOa1a:5bKj9MauJRaIXEO8NoZqay6bXfWzo
Score

8^/10

discovery
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
behavioral1
- Target
  
  AngleSharp.dll
- Size
  
  872KB
- MD5
  
  b14559c954126db7affa279bdc44496b
- SHA1
  
  0c66a7b46c7587e44d954ba97f5b7ab31a6e3cd5
- SHA256
  
  0e488b331d82c6c12283db11d5396fcb31a3ec17738407e192a32b8b7ff7b534
- SHA512
  
  661e6a60cd339a7f3a18668a8216dc73368c5d40990a24aa9aa5c2ed84e1d0b846e306b11318b051ecf195b06d776339dd14692cc70d7a024b315140e732bb93
- SSDEEP
  
  12288:gQWA0H+srUTwuum1WHvwLaGheZFjEazp:fWKUhNrjLp
Score

1^/10
behavioral2
- Target
  
  AsyncKeyedLock.dll
- Size
  
  80KB
- MD5
  
  e8abae10ce55306d6ded1568c9ddf8bc
- SHA1
  
  224c037fc0b0cdc27e308fca1bd5c5992fb25940
- SHA256
  
  967c715af5e70a7663b53314e99c767042316d931ec30024a0e2a207c3c13f72
- SHA512
  
  322b3d2f1107d35fd89fff01246056c363124d1fbcb1d7d8b79b4b32a33fa9b9711b5566c62c3a417f7f04b07bfad82df91015b386f4ab92ef216d6f8f3b8cb8
- SSDEEP
  
  1536:d/IR3lSYb4JYtjntGNP5GHO4sARHPsgp/QTpTC0:d/I9d4JYtpGNxGHOFIvl6Tv
Score

1^/10
behavioral3
- Target
  
  Cogwheel.dll
- Size
  
  81KB
- MD5
  
  d82809ad6b9b57a564c98a2d467e377c
- SHA1
  
  09fcb4c84ac18d2ab2ca6e6b37cca372749c4871
- SHA256
  
  6b2f95037ec4742d3875e8a848f36c29fa975dcbdf6a90aa9556f0cc3f9bd298
- SHA512
  
  7b8dbb384b0ac4b956fcec46e6b25c0fd58ff53d6cb1539d258f330a80350e4b8da901ff317973ff2fe5ff06db738aa0ff16c83517f5ee202188d306adcff3b8
- SSDEEP
  
  1536:udhLspw4BOY8UrmBE0HXca7zesJuhhyIir+nQS1f18IHtKxGm:udhLspweOY8UKB3HXca7zeFbyx+nDEwY
Score

1^/10
behavioral4
- Target
  
  DiscordChatExporter.Core.dll
- Size
  
  808KB
- MD5
  
  338cdd99b4dc39cd13f4081e49ed0afd
- SHA1
  
  bed5ee4ae61636e76d2d29833507e869e4f8c4c2
- SHA256
  
  5c6315f747a96e1260479e9d2af9eb4dc30272649206fe95f6169e40e3c15deb
- SHA512
  
  527cc0a699c607159a308742b04810938fdb0f26865d68cb22c402456bc7b1ee0b7d08edd1972fb07fc3e93b13b637172e8693c4d1ef5eb51e7905e1c8f83d8f
- SSDEEP
  
  12288:CpQ7QJ6CHYNtnzcYZHalWhX+Muw+mn9j93Hmki8KemqytoIEUUefVzVwLuYq4CZs:CgI6tD++H
Score

1^/10
behavioral5
- Target
  
  DiscordChatExporter.dll
- Size
  
  117KB
- MD5
  
  8efdf4887d75c47839aacd8c4161a833
- SHA1
  
  9d7defc140ebee9c84b1bd2041f411f0e802df61
- SHA256
  
  7b09787fa99f42621208196484ead8d2d6073456ef61f2e2bf8c8eca6b7324a9
- SHA512
  
  a989d7eba23229c3bce38ed6444acbe878dc8ff4e6b10ef971b24f191d23b67c4c204bca95d56ede730440aee83d9c382a5722567d86d0d0ee4a9f9f27d256e8
- SSDEEP
  
  1536:aDIXrkL+72PdyqTx0xZRU5XJja72Z+Z4CtUfz+KO00gYqEtPpS:sIXr/loG5to9ItPM
Score

1^/10
behavioral6
- Target
  
  DiscordChatExporter.exe
- Size
  
  116KB
- MD5
  
  33827bc09a995837251064aea4c645b2
- SHA1
  
  eb4946b8f731d92bff103d34198d9292b9d40ca9
- SHA256
  
  b11c0b771c0d7230a48adac51d2dbc158ed45dffee517e9d41abc558d8386e92
- SHA512
  
  76f266e7a54772d52bdc26f19b113bbba8e7b25d9d483c6e98169e1da309a46d2bb11620ce07ffaff7d7e699981dcf79e13d5702cfeeb3e3cb5095bd7fbfc30e
- SSDEEP
  
  1536:Su8FjAgy/opsBkbG+JrlO8zry5PcP6ehiTJ3co3fsPrTRRUb/kazFCh:Su8jRsB8Gig8zryGP6e6/IrTRu/zF+
Score

1^/10
behavioral7
- Target
  
  Gress.dll
- Size
  
  69KB
- MD5
  
  3effb4dc1522d2ec34057c26ae8996f6
- SHA1
  
  a251a798639f65447fa8ffe132e7b2f8b0501db8
- SHA256
  
  57734ec3a3412c38f7d14aad6da7cb3d2ffc5c339a269862f172f9c6ee273aca
- SHA512
  
  b6989ddffc62cbdcc4a8ca1c7e6f15f8222a101722e2b91465d10ce0f17086700d84edcddac86e01f5ead94944651f1629ebe4a39d47b0f0201a1aa8beeb16a4
- SSDEEP
  
  1536:M5XxjstYJn8De36FrNBQA21jUn58cSWeMHMRG:4xJk3FrNBQA2KrfcG
Score

1^/10
behavioral8
- Target
  
  JsonExtensions.dll
- Size
  
  30KB
- MD5
  
  be566244d3ecba8864edb2dd2acb746c
- SHA1
  
  4876d44642cbe635aa9c038f4d4cc8fca72276e6
- SHA256
  
  0a55afc3f827c78ee2bfbd48654475f06ae78ba3eae1f81a1b0744956c532269
- SHA512
  
  b04f6986fe81b4bb1b00e6965b95bf189680db9ea00518acb98bf831aac51cb951c18616db83b49181c84c0e64bde7ae5ab65dc3c21259ac93a47c5ce123b4c2
- SSDEEP
  
  768:b0SlGhj+U4nnnnnnnnnnnnnncuuXLw8aFgTl4XWdcOASk4qc1x/:QSwMUYowKTGXIvJLX
Score

1^/10
behavioral9
- Target
  
  MaterialDesignColors.dll
- Size
  
  296KB
- MD5
  
  6f36e4d6808250f5591734f93fb2e1f2
- SHA1
  
  e9aee2e32696a001d2412de8f6e7d01c7cd00c97
- SHA256
  
  a3ef61fed88fbf155c40e88629a07f772b161c5b8f90489a25c1ba5444dc5130
- SHA512
  
  88826ddcdc14494203613bf4acecd40fba4845fb7546ceecb120e595bc51afd5ba834958e667d8ca79b3fbddc7d740807eb1c6c1ccfa7c1b7f571cbbd7a0c049
- SSDEEP
  
  1536:X7CxEa6JpuYy9kzN4RUB/yCURKR19m41ZU7fKoVxb/8BbV:Ywp4RUB/pTE7fKoVxboV
Score

1^/10
behavioral10
- Target
  
  MaterialDesignThemes.Wpf.dll
- Size
  
  9.1MB
- MD5
  
  82133a3f99d3338f77b2508537ad196c
- SHA1
  
  0b19db0a52ac367a51cbcf50b4e5d352b8f8d13f
- SHA256
  
  ac38e669b083443defe9230d1272217cd83db27acf9c9828710f10b35f6928ae
- SHA512
  
  6c1042bd460156d2b2a039d7595554cec7b4d2836c6962b018921a0a427af71a7a244db7d0f1c8ee9eb580b9e064402eb46d59fd4001efff59db20d3095a68d8
- SSDEEP
  
  98304:o3VaFDXJDntBksKY+ND3WyA4+TLVei10vMzPv8/4C8B5XVS49Xzy83IiEcJMrCRM:o3VaTnJ45/9iD54+V11bFv4z
Score

1^/10
behavioral11
- Target
  
  Microsoft.Xaml.Behaviors.dll
- Size
  
  143KB
- MD5
  
  ccb74157fc6351497a0f5f514a668169
- SHA1
  
  63bc35a0c27bb49e31012f55ba3e40145b0ea87c
- SHA256
  
  acf2664d35f432ab9ea003040e5154ae8bb40a8f07d3eebee7093e97f44a96ea
- SHA512
  
  e0f121c8802ae2020f62fc8d3ab3102f1686cf4d50bc381de00fd55b6409dc3ff7f490aef0883541231d4f0974ba0faa47ac501244a3f499e8ba361b930a5a36
- SSDEEP
  
  3072:NkdbKTg58+1uIv640TPFMXT4Y7zu5i1dIXcBN425rFj8FXZ:cK+1robS0Y7zua+p
Score

1^/10
behavioral12
- Target
  
  Onova.dll
- Size
  
  168KB
- MD5
  
  118c14bf2c25be366d76bdc40f011252
- SHA1
  
  6f419d538da3120872e35e64272a5b4802df65e2
- SHA256
  
  280e8545cf32e4df766c1f7f37f16b739aa084df8ccf3668870260bd6624fa1c
- SHA512
  
  0a33733fcffd6f69bf52726a715090d402476e5f73c7f56e831ba9b2ef2aee05e5fce7883fd573fcdd5bda44af0603782d5d21dbff1a063a41cbdf36d068f499
- SSDEEP
  
  3072:P8blOHv2c4eU1zIHymjhhdexxpaTk7Y20UkFxeTUk5NMOXDVHcRWSBcyK:EshU1zoHMQkswNjDV84ib
Score

1^/10
behavioral13
- Target
  
  Polly.Core.dll
- Size
  
  225KB
- MD5
  
  73559cec78ee5d3fdbb7501d3baabb7b
- SHA1
  
  de4630d3bd3be218e3e317d47a67757cad29f081
- SHA256
  
  4b774a210632e9c79ab848f3bea78c71b4fcb0ba0f745a5e2fcde39ddc5de9d7
- SHA512
  
  2c1402d22d19dd3dd3d899f76ef98884453dff60ac7f70856826a3c6b4c848375a3a0ae62626c573fc61ebb1d90461df875841881bfff7a23f90aa2b8aa839f3
- SSDEEP
  
  6144:hvEZAXsn6qZC6e6LGg4Yk5LDJg/yTJ8L8e/9Af:FzYrJe66gFyTJ9
Score

1^/10
behavioral14
- Target
  
  Polly.dll
- Size
  
  287KB
- MD5
  
  334abb983dae16ca8aa70345fd20242c
- SHA1
  
  ba8b49da71eb5bbfe699d04fa8f0f5c4a2212fe8
- SHA256
  
  b0a841004a9993795aef1f8b435757732733303d0d42906ad21cb364aa90d957
- SHA512
  
  eb16e330ec0c1a4c5891845747e50f3d059ca7fa4efc176cf5fed549538589fdb38ec53c38faf6c21aae66d11e28b3b180effca32b8e487fe12b9bf8e3f332e8
- SSDEEP
  
  3072:gkgWzQX1CsDq3DzzzQzWzgKdyfOmi/5dJ4Vv6BOfw6uUA+zzbXs6YYibcdaelOuS:ELqmr7e5/4Vv6BOo+wsd9lO
Score

1^/10
behavioral15
- Target
  
  RazorBlade.dll
- Size
  
  34KB
- MD5
  
  9b26e149dfd5cfacb87b7a9cb7bdb8fb
- SHA1
  
  ea2203c35c4d5138a14e8d6d7a8f68674d48889c
- SHA256
  
  e197d50a74290bcce5c2dcd889e96836a9eb2768ced718ceaaa51783105a4206
- SHA512
  
  d7a7d66941aca0a0c749de77f56dda124103df1b7298c50ffe5c0eb593e153c59e75f565ef013c054b882119ae3b1a2bae47d41ebaa2138821b50bd0d44dd0b7
- SSDEEP
  
  768:X+axPCHFxrasSti3bC2Kevtw+3nIxRe6/CB7fB6S:ZPCLGse8O2KeVw+3nIxR7gTBD
Score

1^/10
behavioral16
- Target
  
  Stylet.dll
- Size
  
  142KB
- MD5
  
  e0c715baaa7dd70d53043cb659580aeb
- SHA1
  
  d252db65ea05c07c1667bc35acd947e2f3af1d22
- SHA256
  
  9e8c054f20e37c7ee298bdebec6e19bf181478406a98d536cfb923fb5a93cdad
- SHA512
  
  971e2cdb128e61abd826af6b50b38db2e0508ac39817784e4b00e9c513f1944d72917574614ac748777b269779c511d4348d0b8038622f1268f769fb8dbbafb1
- SSDEEP
  
  3072:k+324p5tySo25utTvgrOwNrXkoo9MpWXrJgqjXH3QyFrMJ0:k+Np5t2mutIRNL+UGrMJ
Score

1^/10
behavioral17
- Target
  
  Superpower.dll
- Size
  
  89KB
- MD5
  
  e991ac2152429e4c851996fd49b71e6a
- SHA1
  
  d6a2e9d1643c22d7bb252e2aa26dc74d8d777435
- SHA256
  
  ce59cd33a2a43c38ab1f28a18faea7e23839590e7d88f727604a83d2ba722401
- SHA512
  
  4391f323b5b76e2389e4eb2e73ea34e55208bc0ccc58666ae31c7c1c56ffbefb82f7ea468ea7fa4521c2ec0fc09bf7e08112ef8246b431d484d48067ed84d47d
- SSDEEP
  
  1536:d7W1kjSS+e/DdFA/sS5UE1wG0g3A4tigfWyeYaiJjntjN99wdk7LBoeCVeS:BW0XssgZfOQ7tjNLwaBNCl
Score

1^/10
behavioral18
- Target
  
  WebMarkupMin.Core.dll
- Size
  
  147KB
- MD5
  
  fd2fb367902381c963f2c75ddeee3dd2
- SHA1
  
  45327ac396119470fda63f70e10d87737bc57e3c
- SHA256
  
  96c18c9362a33777d618f7db6c03abf8b53f6d3ce5ba1dc109a8ab89ae032a60
- SHA512
  
  acac64208cd03716ab40ecf7e4dd058380cbd387fecd75f610b64d1ec87b5f83a704225fa44c38e720e0a3a9e6e0351600adbbd625f5b185886850e2772eb5fc
- SSDEEP
  
  3072:+N2kHr4YvsNY2UrGVi39Drlb2ckORg++x3EkaGnB:+N2klv3vBl25/EkJB
Score

1^/10
behavioral19
- Target
  
  YoutubeExplode.dll
- Size
  
  260KB
- MD5
  
  91c3d497bb816f814817164d73b84ff9
- SHA1
  
  fb72a28a7decf3fe3a93ed5e8032d620e20b83c9
- SHA256
  
  d3b37543523b9f3f003b8ecca21b23f94b3081f036ad63a5129fedeea2fb4705
- SHA512
  
  92bca61570accb3717c9ed9b39c69c0c3a25ec4d028df2dea244f9e0f58702dbb493788ffa594948d6ded47cc8a5c2be963360d1d4df557fe2f5e11b7451e52b
- SSDEEP
  
  3072:0KvSbrM7T72bi07WqBUMkWRNLAjICkF5aqPT7vdbquT/x+3PY3uEAWjyv1PtRfau:pz2BUMGAndf/x+D1PHYm2FOsE
Score

1^/10
behavioral20

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Targets

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Drops desktop.ini file(s)

Enumerates connected drives

Maps connected drives based on registry

Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20