90f6a8da8c569ed6408f14af4b6657fbd07b920c92b82afe66d0073ff699865e | Triage

Sharing

General

Target

Discord Token Generator.exe
Size

15.1MB
Sample

240526-zd7sdsbc9y
MD5

8113a813f30e23b7da6080aba9081abc
SHA1

cc3d6e5d8494b10e08608caeed84bc85aa5f9c7d
SHA256

90f6a8da8c569ed6408f14af4b6657fbd07b920c92b82afe66d0073ff699865e
SHA512

1b1ab8ecccee22add867767e9c1a7e0abc86edbb48257de37cf9b698fe57015dec3c91949f80c032592df73e6360f4a48dde46ef0c58fb4c8a05ec6bbb05d05d
SSDEEP

393216:X9hbkkP1dwCteW6EW3imtykJQlpYKoV3Wj3+tI:X9hbr19te3rEU0ToV3Wj

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  Discord Token Generator.exe
- Size
  
  15.1MB
- MD5
  
  8113a813f30e23b7da6080aba9081abc
- SHA1
  
  cc3d6e5d8494b10e08608caeed84bc85aa5f9c7d
- SHA256
  
  90f6a8da8c569ed6408f14af4b6657fbd07b920c92b82afe66d0073ff699865e
- SHA512
  
  1b1ab8ecccee22add867767e9c1a7e0abc86edbb48257de37cf9b698fe57015dec3c91949f80c032592df73e6360f4a48dde46ef0c58fb4c8a05ec6bbb05d05d
- SSDEEP
  
  393216:X9hbkkP1dwCteW6EW3imtykJQlpYKoV3Wj3+tI:X9hbr19te3rEU0ToV3Wj
Score

7^/10

spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

behavioral3