Analysis
-
max time kernel
17s -
max time network
17s -
platform
windows10-1703_x64 -
resource
win10-20240404-en -
resource tags
-
submitted
12-06-2024 06:29
General
-
Target
DiscordRaider.exe
-
Size
3.8MB
-
MD5
05719a9ad94b721f9aa024cdb7671dae
-
SHA1
75821d8a850962529e56916eaf3efb3f3411db3c
-
SHA256
ffc5f19ed31c714e3dd4e5f77044b55b5540699a3e66e18bbf8e0e411b2450e6
-
SHA512
e67a3af46556003a4d4143cfd6e25d414f3a59db1afe156f5a65b579eaa9286f26865108dcc1e3c5891e20077b4bc4a0f0752c4ae2f51f475f74b5166c0103bd
-
SSDEEP
24576:qaKB4VuLVL44444VvqMI9rRE1Gkut6K2Uq//xw0ap+HhjM1R3s9rkTM6EcF7bXY5:qaOmGrWUq60vG0YJEigqLdp
Score
10/10
Malware Config
Signatures
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage 1 IoCs
-
Drops file in Windows directory 2 IoCs
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious use of FindShellTrayWindow 23 IoCs
-
Suspicious use of SendNotifyMessage 22 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\DiscordRaider.exe"C:\Users\Admin\AppData\Local\Temp\DiscordRaider.exe"1⤵
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/4912-0-0x0000000000400000-0x00000000007CE000-memory.dmpFilesize
3.8MB