a4b64722382a67b8b540590ea4e993cee5e7e60b46f46778145d88da7369c7bb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

DiscordBoostTool.rar
Size

109.9MB
Sample

240620-vmy5dsybpd
MD5

29ca01b43a8a23062bb1b2f47def0ead
SHA1

98a070645241e062007ed4d50a8bea483a4f5f8f
SHA256

a4b64722382a67b8b540590ea4e993cee5e7e60b46f46778145d88da7369c7bb
SHA512

d578b0c2b6f8477182633070efd28d20f82f69bc1810db6c535e51fff6e7cfbde78914e10ed9cbfb1e261d744a911078467424a85a8959d58360b0423b7ec5d0
SSDEEP

3145728:7GgHQUK3+AhPEhPFuU/qBLNOJlkwsrS6Wcd2:7GgHwxyhNuUChNOJdse/cd2

Score

7^/10

pyinstaller

Malware Config

Targets

- Target
  
  DiscordBoostTool v1.35.0/DiscordBoostTool.exe
- Size
  
  109.8MB
- MD5
  
  4abfa856910309eab85f730950feb8d7
- SHA1
  
  12a563b458c28e83c40cd30b30452022196d71a4
- SHA256
  
  3970640d2f814181cd839652ae3786760bd4c9d38c17fbbcdf021095eed06314
- SHA512
  
  f0e61069f821855e1560ca834dc2d0e68b0a5549bca7de2c189c2034229d0f801f1f0cc6b8da73751d9425074bf36799371e0c161060043e47afb179945a0e68
- SSDEEP
  
  3145728:cUMY2t/VG6RmtCRlGPrcY2qHO5iVf6enGQbRe0zJcB8UnO9U:ZQ5mERluAgHCix51XcB8UO
Score

7^/10
- Drops startup file
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2
- Target
  
  DiscordRAT.pyc
- Size
  
  256KB
- MD5
  
  4f956a34bdd07362da51537a5d3ce864
- SHA1
  
  1610a96765ed073f32bfce15e2505ed8b8ad3249
- SHA256
  
  18ae2f452bd3a8392d358beb11190564b3b69355bb23d329ef236aa096f633d9
- SHA512
  
  106c6ed21e2557c8cb12f1923d3378ac7b50e7108b58bb3f67c43ac9d95a3d17272eb4e84ac6f5fd499b5f98de4d4b74c6b7f4ad09cf4989693c39437901db2b
- SSDEEP
  
  3072:/LM3Df7wCMeTR/ZGWM8fRujXLMCFOmQUFWpsZKXFbBZpl:6L7w1eTvwzfp/HoOZ0FtZpl
Score

1^/10
behavioral3 behavioral4
- Target
  
  DiscordBoostTool v1.35.0/GoSrp.dll
- Size
  
  2.3MB
- MD5
  
  b1e99d702b0324e19b8cdc5aa8c9cd2e
- SHA1
  
  1473b708f7c516dc31612c74cb773396f3f7ca93
- SHA256
  
  e2a69763eb347b86c5426a5028650388be585df43cbf03beb576acd095038296
- SHA512
  
  3afec80909a88ffa8a760c6b156e998504f148455bf514512bc8812e390c59835e9a8cce57b041154c894915e47c40750eab66d84c4d7eb1f0257cf177481442
- SSDEEP
  
  24576:Z3rEK7jLQfvtqvZ8UaqvFbK8qUhk8GJXiV6doA+4MHPEBm3KXUQwFAR8YtVrm7C8:ZQdkK8qU6BWStV+Cz8MVZ69rF1Mr3iHr
Score

1^/10
behavioral5 behavioral6
- Target
  
  DiscordBoostTool v1.35.0/System.Windows.Controls.Ribbon.dll
- Size
  
  717KB
- MD5
  
  c938bb2a9537df587d9a4ce01de447b9
- SHA1
  
  8aee2b2e1c7c6786817a5136d011f8427ac9b92e
- SHA256
  
  c3fd046e992f96a0f4b729a6864d07f2320dc2f87fb34033874429c1f03b6931
- SHA512
  
  70eb8ee86a99f25dc9a35bad85e1dcb82dd16babbea6f2a9e540687caa96de3ccbd1205117820802853b3aa922a302183df8ec9c2cd459a4d5c111958de34e3b
- SSDEEP
  
  12288:CDZDWzv+aVPZDpPBi87JBIgu7PO447irbrM+murmje0Prjk3rNr0kzqA7+pHlj99:OmUzpXlzEOIF6HX6
Score

1^/10
behavioral7 behavioral8
- Target
  
  DiscordBoostTool v1.35.0/xNet.dll
- Size
  
  99KB
- MD5
  
  43199187819f5cfb4777edb17dda52e1
- SHA1
  
  926b4d53d74ed0b35b03e552c1901433d8dfa53c
- SHA256
  
  ae8de80698553ebce2f8be298683138297da8095c523b1b4156fcbc5f05f672f
- SHA512
  
  9f0196fdbf3d681cfce643b3dd9bdcbce3bfb30d77cfc539f25c7ce350e091de1b755ebf821e48556d22450e63ac12dd65be5441183588bb3b69baf2955b7db8
- SSDEEP
  
  3072:dNJJH7HdeR19aNqnV+xnEdGmrwqULY3wiqq0Yas2r:dPJbdqnV+xnEdnyE2
Score

1^/10
behavioral10 behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10