30a5aa7988de718780b5b2b03402d287998ab44ed83d9db8c956c92c1b7b4e89 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

30a5aa7988de718780b5b2b03402d287998ab44ed83d9db8c956c92c1b7b4e89
Size

8KB
MD5

41f8bf198e2f3d96cc18c1cef4c32d1c
SHA1

9d016fa7a8bde2e31261d034202536c010206de5
SHA256

30a5aa7988de718780b5b2b03402d287998ab44ed83d9db8c956c92c1b7b4e89
SHA512

8d272bc2232e3ab802d4d761914769b589dba3594457fdddd71d30b719bf3e65653f2c69e622e7c4815f8b65e6626b1d7234782c81235839c1f02c8556312210
SSDEEP

192:nlAqItYypH58ZyWz8UVousWnvM3BE4dhUdgXWXVBAsiuB:nlAe6HmZxFVoLWvMREKUd+UVriuB

Score

10^/10

Malware Config

Signatures

Detects executables Discord URL observed in first stage droppers 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_DiscordURL

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
30a5aa7988de718780b5b2b03402d287998ab44ed83d9db8c956c92c1b7b4e89

Files

30a5aa7988de718780b5b2b03402d287998ab44ed83d9db8c956c92c1b7b4e89
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\crack\OneDrive\Escritorio\CMD SECURE\Downloader\obj\Debug\BLACK BULL VIP.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ