General

  • Target

    Discord Token Generator.exe

  • Size

    15.1MB

  • Sample

    240526-zd7sdsbc9y

  • MD5

    8113a813f30e23b7da6080aba9081abc

  • SHA1

    cc3d6e5d8494b10e08608caeed84bc85aa5f9c7d

  • SHA256

    90f6a8da8c569ed6408f14af4b6657fbd07b920c92b82afe66d0073ff699865e

  • SHA512

    1b1ab8ecccee22add867767e9c1a7e0abc86edbb48257de37cf9b698fe57015dec3c91949f80c032592df73e6360f4a48dde46ef0c58fb4c8a05ec6bbb05d05d

  • SSDEEP

    393216:X9hbkkP1dwCteW6EW3imtykJQlpYKoV3Wj3+tI:X9hbr19te3rEU0ToV3Wj

Malware Config

Targets

    • Target

      Discord Token Generator.exe

    • Size

      15.1MB

    • MD5

      8113a813f30e23b7da6080aba9081abc

    • SHA1

      cc3d6e5d8494b10e08608caeed84bc85aa5f9c7d

    • SHA256

      90f6a8da8c569ed6408f14af4b6657fbd07b920c92b82afe66d0073ff699865e

    • SHA512

      1b1ab8ecccee22add867767e9c1a7e0abc86edbb48257de37cf9b698fe57015dec3c91949f80c032592df73e6360f4a48dde46ef0c58fb4c8a05ec6bbb05d05d

    • SSDEEP

      393216:X9hbkkP1dwCteW6EW3imtykJQlpYKoV3Wj3+tI:X9hbr19te3rEU0ToV3Wj

    Score
    7/10
    • Loads dropped DLL

      Loads a DLL that the sample itself wrote to disk during the run, rather than one already present on the system.

    • Reads user/profile data of web browsers

      Infostealers commonly read browser profile files, which hold saved credentials, cookies and autofill data.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP. The request itself is benign traffic; it is suspicious only in combination with the other behaviours.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calling NtSetInformationThread with the ThreadHideFromDebugger information class stops the thread from generating debug events, a common anti-analysis trick.
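
The four behaviour signatures above are the kind of rules a sandbox evaluates over its event log. The following is an added example, not the sandbox's own rule engine and not code from the sample: a small evaluator that runs equivalent rules over a constructed, sandbox-style event list (file reads, file writes, image loads, DNS queries, native API calls) and maps hits to the ATT&CK IDs listed in this report's matrix. The event format, the browser-profile path patterns, the list of IP-echo services and the sample events are all assumptions made for the example.

```python
"""Toy behaviour-signature evaluator over sandbox-style events.

Added example; not the sandbox's rule engine and not code from the sample.
Event schema, path patterns, host list and SAMPLE_EVENTS are constructed.
"""
import re
from collections import defaultdict

# Browser profile artefacts holding saved credentials (constructed sample list).
BROWSER_CRED_PATTERNS = [
    re.compile(r"\\Google\\Chrome\\User Data\\[^\\]+\\Login Data$", re.I),
    re.compile(r"\\Microsoft\\Edge\\User Data\\[^\\]+\\Login Data$", re.I),
    re.compile(r"\\Mozilla\\Firefox\\Profiles\\[^\\]+\\(logins\.json|key4\.db)$", re.I),
]

# Legitimate public-IP echo services (assumed list; the report does not name one).
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "icanhazip.com", "ifconfig.me", "ip-api.com", "checkip.amazonaws.com",
}

THREAD_HIDE_FROM_DEBUGGER = 0x11  # THREADINFOCLASS value for ThreadHideFromDebugger

# Rule -> ATT&CK IDs exactly as the report's matrix maps them; empty = not mapped there.
ATTACK_MAP = {
    "reads_browser_credentials": ["T1552.001", "T1005"],
    "loads_dropped_dll": [],
    "external_ip_lookup": [],
    "hide_from_debugger": [],
}


def evaluate(events):
    """Return {rule_name: [matching values]} for every rule that fired."""
    hits = defaultdict(list)
    written = set()  # paths the sample wrote; a later image load of one is a "dropped DLL"
    for ev in events:
        kind = ev["kind"]
        if kind == "file_read":
            if any(p.search(ev["path"]) for p in BROWSER_CRED_PATTERNS):
                hits["reads_browser_credentials"].append(ev["path"])
        elif kind == "file_write":
            written.add(ev["path"].lower())
        elif kind == "load_image":
            if ev["path"].lower() in written:
                hits["loads_dropped_dll"].append(ev["path"])
        elif kind == "dns":
            if ev["host"].lower() in IP_LOOKUP_HOSTS:
                hits["external_ip_lookup"].append(ev["host"])
        elif kind == "api_call":
            if ev["api"] == "NtSetInformationThread" and ev.get("info_class") == THREAD_HIDE_FROM_DEBUGGER:
                hits["hide_from_debugger"].append(ev["api"])
    return dict(hits)


def attack_techniques(hits):
    """Sorted ATT&CK IDs for the rules that fired, per the report's matrix."""
    ids = set()
    for rule in hits:
        ids.update(ATTACK_MAP.get(rule, []))
    return sorted(ids)


# Constructed events mimicking the behaviours flagged in the report (not a real trace).
SAMPLE_EVENTS = [
    {"kind": "file_write", "path": r"C:\Users\victim\AppData\Local\Temp\helper.dll"},
    {"kind": "load_image", "path": r"C:\Users\victim\AppData\Local\Temp\helper.dll"},
    {"kind": "load_image", "path": r"C:\Windows\System32\kernel32.dll"},  # benign: not dropped
    {"kind": "file_read", "path": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"kind": "file_read", "path": r"C:\Users\victim\AppData\Roaming\Mozilla\Firefox\Profiles\abcd.default-release\logins.json"},
    {"kind": "file_read", "path": r"C:\Users\victim\Documents\notes.txt"},  # benign
    {"kind": "dns", "host": "api.ipify.org"},
    {"kind": "dns", "host": "discord.com"},  # benign
    {"kind": "api_call", "api": "NtSetInformationThread", "info_class": 0x11},
    {"kind": "api_call", "api": "NtSetInformationThread", "info_class": 0x00},  # ThreadBasicInformation: benign
]

if __name__ == "__main__":
    fired = evaluate(SAMPLE_EVENTS)
    for rule, values in fired.items():
        print(f"{rule}: {values}")
    print("ATT&CK:", attack_techniques(fired))
```

The dropped-DLL rule only fires when an image load follows a write to the same path in the same trace, which is why the kernel32.dll load and the notes.txt read produce no hit; the two unmapped rules are reported but contribute no technique ID, matching the matrix below, which lists only T1552, T1552.001 and T1005.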

MITRE ATT&CK Matrix (ATT&CK v13)

  • Credential Access

      Unsecured Credentials (T1552): 1 signature
      Credentials In Files (T1552.001): 1 signature

  • Collection

      Data from Local System (T1005): 1 signature

Tasks