Resubmissions

27/06/2024, 23:26

240627-3eve8sxhrd 7

27/06/2024, 23:07

240627-23zjesxarf 7

General

  • Target

    Discord-Nitro-Generator-main.zip

  • Size

    16.8MB

  • Sample

    240627-3eve8sxhrd

  • MD5

    dcf6f086e5e95694559ca7398b5bd5fc

  • SHA1

    11422b30df265db9377ff3ee611d60e7e0dfd3a7

  • SHA256

    f4f31398b57f9cf8427d1d29ae68e5b20a9a305bbde11b033cd8347ea07dbd2a

  • SHA512

    f4d68d66fd0bbbf522a568426f5a9144add994a6ef69326229a115ff65a9774eef8ba0edb621bd578f7d19f6eaba000f6bc0c680c070dc8e473e3455f839a1e2

  • SSDEEP

    393216:4OxrvT6bbJXUXmuXv8E56c/7fmQQHKgye+IE/kqsowXIDXf8:4OrLobRUXmu/8E56cDfmQq9+1/Lso0

Malware Config

Targets

    • Target

      Discord-Nitro-Generator-main/start.exe

    • Size

      17.0MB

    • MD5

      b4d7439428c9d1566d2430a56a85da88

    • SHA1

      5bf314773d4e1b0a3bd8c0bd7624be143ec63e8c

    • SHA256

      906b4056dc4fdbfd87c871b3aaeed9f4e447f85ff995f5ba8ad96f784c072969

    • SHA512

      9554a0f5124d5411b5da9c463067e906885ec5f85fd34a851d8d3f4df5899814b571bd667a5b13337414df58c5836f04c4f5cc27145dec92a53218a79e2cbf41

    • SSDEEP

      393216:wu7L/PL01+l+uq+VvUdQusl7Q+l9RoWOv+9faZFZRz:wCLL01+l+uqgvUdQu2QGborvSi

    Score
    7/10
    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks