Sidebar: analysis tabs and per-task score badges (file names are truncated as on the page)

  score  task                      platform
  -      Overview
  7      Static
  3      Discord To...ta.zip       windows11-21h2-x64
  1      Discord To...UP.bat       windows11-21h2-x64
  7      Discord To...RT.bat       windows11-21h2-x64
  1      Discord To...DOS.py       windows11-21h2-x64
  3      Discord To...xe.bat       windows11-21h2-x64
  1      Discord To...DOS.py       windows11-21h2-x64
  3      Discord To...pam.py       windows11-21h2-x64
  3      Discord To...pam.py       windows11-21h2-x64
  3      Discord To...es.txt       windows11-21h2-x64
  3      Discord To...ns.txt       windows11-21h2-x64
  3      Discord To...ts.txt       windows11-21h2-x64
  3      Discord To...t__.py       windows11-21h2-x64
  3      Discord To...10.pyc       windows11-21h2-x64
  3      Discord To...11.pyc       windows11-21h2-x64
  3      Discord To...12.pyc       windows11-21h2-x64
  3      Discord To...10.pyc       windows11-21h2-x64
  3      Discord To...11.pyc       windows11-21h2-x64
  3      Discord To...12.pyc       windows11-21h2-x64
  3      Discord To...10.pyc       windows11-21h2-x64
  3      Discord To...11.pyc       windows11-21h2-x64
  3      Discord To...12.pyc       windows11-21h2-x64
  3      Discord To...10.pyc       windows11-21h2-x64
  3      Discord To...11.pyc       windows11-21h2-x64
  3      Discord To...12.pyc       windows11-21h2-x64
  3      Discord To...g.json       windows11-21h2-x64
  3      Discord To...es.txt       windows11-21h2-x64
  3      Discord To...it.txt       windows11-21h2-x64
  3      Discord To...ed.txt       windows11-21h2-x64
  3      Discord To...ns.txt       windows11-21h2-x64
  3      Discord To...g.spec       windows11-21h2-x64
  3      Discord To...es.txt       windows11-21h2-x64
  3      Discord To...ou.txt       windows11-21h2-x64
Analysis (score 3)

  max time kernel:   1484s
  max time network:  1495s
  platform:          windows11-21h2_x64
  resource:          win11-20240611-en
  resource tags:     arch:x64, arch:x86, image:win11-20240611-en, locale:en-us, os:windows11-21h2-x64, system
  submitted:         18-06-2024 21:29
Behavioral tasks (task: sample, resource image)

  behavioral1:   Discord Tools beta.zip  (win11-20240611-en)
  behavioral2:   Discord Tools beta/Discord Tools/SETUP.bat  (win11-20240611-en)
  behavioral3:   Discord Tools beta/Discord Tools/START.bat  (win11-20240611-en)
  behavioral4:   Discord Tools beta/Discord Tools/Tools/BotNetDDOS.py  (win11-20240419-en)
  behavioral5:   Discord Tools beta/Discord Tools/Tools/BuildExe.bat  (win11-20240508-en)
  behavioral6:   Discord Tools beta/Discord Tools/Tools/DDOS.py  (win11-20240611-en)
  behavioral7:   Discord Tools beta/Discord Tools/Tools/Discord Spam.py  (win11-20240611-en)
  behavioral8:   Discord Tools beta/Discord Tools/Tools/Discord Spam/DiscordSpam.py  (win11-20240508-en)
  behavioral9:   Discord Tools beta/Discord Tools/Tools/Discord Spam/assets/proxies.txt  (win11-20240419-en)
  behavioral10:  Discord Tools beta/Discord Tools/Tools/Discord Spam/assets/tokens.txt  (win11-20240611-en)
  behavioral11:  Discord Tools beta/Discord Tools/Tools/Discord Spam/assets/userAgents.txt  (win11-20240611-en)
  behavioral12:  Discord Tools beta/Discord Tools/Tools/Discord Spam/spammers/__init__.py  (win11-20240611-en)
  behavioral13:  Discord Tools beta/Discord Tools/Tools/Discord Spam/spammers/__pycache__/__init__.cpython-310.pyc  (win11-20240611-en)
  behavioral14:  Discord Tools beta/Discord Tools/Tools/Discord Spam/spammers/__pycache__/__init__.cpython-311.pyc  (win11-20240611-en)
  behavioral15:  Discord Tools beta/Discord Tools/Tools/Discord Spam/spammers/__pycache__/__init__.cpython-312.pyc  (win11-20240508-en)
  behavioral16:  Discord Tools beta/Discord Tools/Tools/Discord Spam/spammers/__pycache__/assetsManager.cpython-310.pyc  (win11-20240508-en)
  behavioral17:  Discord Tools beta/Discord Tools/Tools/Discord Spam/spammers/__pycache__/assetsManager.cpython-311.pyc  (win11-20240611-en)
  behavioral18:  Discord Tools beta/Discord Tools/Tools/Discord Spam/spammers/__pycache__/assetsManager.cpython-312.pyc  (win11-20240508-en)
  behavioral19:  Discord Tools beta/Discord Tools/Tools/Discord Spam/spammers/__pycache__/banner.cpython-310.pyc  (win11-20240508-en)
  behavioral20:  Discord Tools beta/Discord Tools/Tools/Discord Spam/spammers/__pycache__/banner.cpython-311.pyc  (win11-20240508-en)
  behavioral21:  Discord Tools beta/Discord Tools/Tools/Discord Spam/spammers/__pycache__/banner.cpython-312.pyc  (win11-20240508-en)
  behavioral22:  Discord Tools beta/Discord Tools/Tools/Discord Spam/spammers/__pycache__/color.cpython-310.pyc  (win11-20240508-en)
  behavioral23:  Discord Tools beta/Discord Tools/Tools/Discord Spam/spammers/__pycache__/color.cpython-311.pyc  (win11-20240611-en)
  behavioral24:  Discord Tools beta/Discord Tools/Tools/Discord Spam/spammers/__pycache__/color.cpython-312.pyc  (win11-20240611-en)
  behavioral25:  Discord Tools beta/Discord Tools/Tools/NG/config/config.json  (win11-20240611-en)
  behavioral26:  Discord Tools beta/Discord Tools/Tools/NG/config/proxies.txt  (win11-20240611-en)
  behavioral27:  Discord Tools beta/Discord Tools/Tools/NG/results/hit.txt  (win11-20240419-en)
  behavioral28:  Discord Tools beta/Discord Tools/Tools/Token Gen/Generated.txt  (win11-20240508-en)
  behavioral29:  Discord Tools beta/Discord Tools/Tools/Token Gen/Tokens.txt  (win11-20240611-en)
  behavioral30:  Discord Tools beta/Discord Tools/Tools/TokenLog.spec  (win11-20240611-en)
  behavioral31:  Discord Tools beta/Discord Tools/Tools/proxies.txt  (win11-20240508-en)
  behavioral32:  Discord Tools beta/Discord Tools/Tools/rockyou.txt  (win11-20240611-en)
General

  Target:  Discord Tools beta/Discord Tools/SETUP.bat
  Size:    2KB
  MD5:     3cadc3d1f11546fcf91c76e7d90ac0d5
  SHA1:    900e24b48ce1a086b33871afb32c2c12fd03717d
  SHA256:  4786443e83e0f945a0a20a18bd770c7d2ae2896665752846e5fc996a26fcb82b
  SHA512:  5fc5a254c97890e00c206cb72a9efd7ff4909d0b12245a4498c560e5404c8666cd02a83d078af58184ff4da898fa3748b585ae9df6dc9b1b14502ba7e3ba151a
Malware Config

  (nothing extracted for this task)

Signatures

Use of msiexec (install) with remote resource (3 IoCs)
  Processes: msiexec.exe (PID 4588), msiexec.exe (PID 3100), msiexec.exe (PID 4888)

Blocklisted process makes network request (3 IoCs)
  Processes: msiexec.exe (PID 3728), network flows 2, 3 and 7

Drops file in Windows directory (2 IoCs)
  msiexec.exe: file opened for modification  C:\Windows\Installer\MSIB5D4.tmp
  msiexec.exe: file opened for modification  C:\Windows\Installer\MSI8608.tmp

Suspicious use of AdjustPrivilegeToken (64 IoCs)
  msiexec.exe PID 4588 and msiexec.exe PID 3100 each adjust the same 31 privileges, in this order
  (SeIncreaseQuotaPrivilege and SeShutdownPrivilege are each recorded twice per process):
    SeShutdownPrivilege, SeIncreaseQuotaPrivilege, SeCreateTokenPrivilege, SeAssignPrimaryTokenPrivilege,
    SeLockMemoryPrivilege, SeIncreaseQuotaPrivilege, SeMachineAccountPrivilege, SeTcbPrivilege,
    SeSecurityPrivilege, SeTakeOwnershipPrivilege, SeLoadDriverPrivilege, SeSystemProfilePrivilege,
    SeSystemtimePrivilege, SeProfSingleProcessPrivilege, SeIncBasePriorityPrivilege, SeCreatePagefilePrivilege,
    SeCreatePermanentPrivilege, SeBackupPrivilege, SeRestorePrivilege, SeShutdownPrivilege,
    SeDebugPrivilege, SeAuditPrivilege, SeSystemEnvironmentPrivilege, SeChangeNotifyPrivilege,
    SeRemoteShutdownPrivilege, SeUndockPrivilege, SeSyncAgentPrivilege, SeEnableDelegationPrivilege,
    SeManageVolumePrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
  msiexec.exe PID 3728: SeSecurityPrivilege, SeRestorePrivilege

Suspicious use of WriteProcessMemory (11 IoCs)
  cmd.exe PID 1996 wrote to the memory of:
    PID 4588  msiexec.exe                        (2 events)
    PID 3100  msiexec.exe                        (2 events)
    PID 4672  curl.exe                           (2 events)
    PID 4660  AppInstallerPythonRedirector.exe   (3 events)
    PID 4888  msiexec.exe                        (2 events)
Processes

Indentation shows the parent/child relationship the page marks with 1⤵ and 2⤵: the five children were spawned by cmd.exe running SETUP.bat. msiexec.exe /V is a separate top-level process, the Windows Installer service instance that the client msiexec processes hand their install requests to, which is why the network requests and the MSI*.tmp drops are attributed to PID 3728 rather than to the children of cmd.exe.

C:\Windows\system32\cmd.exe  (PID 1996)
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Discord Tools beta\Discord Tools\SETUP.bat"
    - Suspicious use of WriteProcessMemory

    C:\Windows\system32\msiexec.exe  (PID 4588)
        msiexec /i https://www.python.org/ftp/python/3.8.12/python-3.8.12-amd64.exe /qn
        - Use of msiexec (install) with remote resource
        - Suspicious use of AdjustPrivilegeToken

    C:\Windows\system32\msiexec.exe  (PID 3100)
        msiexec /i https://www.python.org/ftp/python/3.9.12/python-3.9.12-amd64.exe /qn
        - Use of msiexec (install) with remote resource
        - Suspicious use of AdjustPrivilegeToken

    C:\Windows\system32\curl.exe  (PID 4672)
        curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py

    C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe  (PID 4660)
        python get-pip.py

    C:\Windows\system32\msiexec.exe  (PID 4888)
        msiexec /i https://www.python.org/ftp/python/3.10.2/python-3.10.2-amd64.exe /qn
        - Use of msiexec (install) with remote resource

C:\Windows\system32\msiexec.exe  (PID 3728)
    C:\Windows\system32\msiexec.exe /V
    - Blocklisted process makes network request
    - Drops file in Windows directory
    - Suspicious use of AdjustPrivilegeToken
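Added example, not part of the sandbox report or of the analysed archive: a small Python detector that re-derives the report's "Use of msiexec (install) with remote resource" signature from process-creation events, and additionally links curl's -o output file to the sibling process that later runs it. The event list is constructed from the process tree above (PIDs, image paths and command lines copied from it); the record with PID 5001 and the path C:\Users\Admin\Downloads\tool.msi is a hypothetical benign control, and the rule names and function names are mine.

```python
"""Detect remote msiexec installs and curl download-then-run chains from
process-creation events.  Sample events are constructed from the SETUP.bat
process tree in the report above; PID 5001 is a hypothetical benign control."""
import ntpath
import re
from collections import defaultdict

MSIEXEC = r"C:\Windows\system32\msiexec.exe"
SAMPLE_EVENTS = [
    {"pid": 1996, "ppid": 0, "image": r"C:\Windows\system32\cmd.exe",
     "cmdline": r'C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Discord Tools beta\Discord Tools\SETUP.bat"'},
    {"pid": 4588, "ppid": 1996, "image": MSIEXEC,
     "cmdline": "msiexec /i https://www.python.org/ftp/python/3.8.12/python-3.8.12-amd64.exe /qn"},
    {"pid": 3100, "ppid": 1996, "image": MSIEXEC,
     "cmdline": "msiexec /i https://www.python.org/ftp/python/3.9.12/python-3.9.12-amd64.exe /qn"},
    {"pid": 4672, "ppid": 1996, "image": r"C:\Windows\system32\curl.exe",
     "cmdline": "curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py"},
    {"pid": 4660, "ppid": 1996,
     "image": r"C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe",
     "cmdline": "python get-pip.py"},
    {"pid": 4888, "ppid": 1996, "image": MSIEXEC,
     "cmdline": "msiexec /i https://www.python.org/ftp/python/3.10.2/python-3.10.2-amd64.exe /qn"},
    # Hypothetical benign control (not from the report): a local package must not fire the remote rule.
    {"pid": 5001, "ppid": 1996, "image": MSIEXEC,
     "cmdline": r"msiexec /i C:\Users\Admin\Downloads\tool.msi /qn"},
]

RULE_REMOTE_MSI = "msiexec install from remote resource"
RULE_CURL_EXEC = "runs a file that a sibling curl process wrote with -o"
RULE_STORE_ALIAS = "python resolved to the Microsoft Store app-execution alias"

URL_RE = re.compile(r"^(?:https?|ftp)://", re.IGNORECASE)
TOKEN_RE = re.compile(r'"[^"]*"|\S+')


def split_windows_cmdline(cmdline):
    """Whitespace-split a Windows command line, keeping "quoted paths" whole
    (surrounding quotes removed).  Minimal on purpose: no escaped-quote handling."""
    return [t.strip('"') for t in TOKEN_RE.findall(cmdline)]


def exe_name(path):
    """Lower-cased file name of a Windows path; ntpath works on any host OS."""
    return ntpath.basename(path).lower()


def analyze_msiexec(tokens):
    """For an msiexec command line return {'package', 'remote', 'quiet'}, else None.
    msiexec accepts a URL as the package argument, so '/i https://... /qn'
    fetches and installs a package from the network with no UI at all."""
    if not tokens or exe_name(tokens[0]) not in ("msiexec", "msiexec.exe"):
        return None
    package, quiet = None, False
    for i, tok in enumerate(tokens):
        low = tok.lower()
        if low in ("/i", "-i", "/package", "-package") and i + 1 < len(tokens):
            package = tokens[i + 1]
        elif low.startswith(("/q", "-q")):          # /q, /qn, /qb, /quiet
            quiet = True
    if package is None:
        return None
    return {"package": package, "remote": bool(URL_RE.match(package)), "quiet": quiet}


def detect(events):
    """Run the three rules over process-creation events; return finding dicts."""
    findings = []
    siblings = defaultdict(list)                   # ppid -> children, for chain matching
    for ev in events:
        siblings[ev["ppid"]].append(ev)

    for ev in events:
        tokens = split_windows_cmdline(ev["cmdline"])
        if not tokens:
            continue
        msi = analyze_msiexec(tokens)
        if msi and msi["remote"]:
            detail = msi["package"] + (" (silent)" if msi["quiet"] else "")
            findings.append({"pid": ev["pid"], "rule": RULE_REMOTE_MSI, "detail": detail})

        # curl ... -o <file>: flag any sibling whose arguments name that file.
        if exe_name(tokens[0]) in ("curl", "curl.exe") and "-o" in tokens[:-1]:
            out = tokens[tokens.index("-o") + 1]
            for sib in siblings[ev["ppid"]]:
                if sib["pid"] != ev["pid"] and out in split_windows_cmdline(sib["cmdline"])[1:]:
                    findings.append({"pid": sib["pid"], "rule": RULE_CURL_EXEC, "detail": out})

        # The Store alias only answers 'python' when no interpreter is found on the PATH.
        if exe_name(ev["image"]) == "appinstallerpythonredirector.exe":
            findings.append({"pid": ev["pid"], "rule": RULE_STORE_ALIAS, "detail": ev["cmdline"]})
    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f"PID {f['pid']:>5}  {f['rule']}: {f['detail']}")
```

Two points the output makes explicit. First, the three python.org URLs fire the remote-resource rule with the silent flag, while the local .msi control does not; in the report it is the service instance (PID 3728, started as msiexec.exe /V) that performs the fetch and writes the MSI*.tmp files, so a hunt for this pattern should key on the client command line, not on which msiexec process generated the network flow. Second, `python get-pip.py` ran through AppInstallerPythonRedirector.exe, the Microsoft Store app-execution alias that `python` resolves to on Windows 11 when no python.exe is found earlier on the PATH, so no interpreter was reachable from that cmd.exe at that point. The package URLs also end in .exe: they are python.org's executable bundle installers, not Windows Installer packages, so msiexec /i cannot install them.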