03f465505ded1fc79e566d7e81bd1cf33fab2876a11ec4ac7e39da238db467f7 | Triage

Sharing

General

Target

Discord Account Generator.zip
Size

80.2MB
Sample

240706-ecp6qsvdlq
MD5

2f45172ce3bae5a81110d0b1ef8aa759
SHA1

cb247018fe57205cf95786992fba0c8def50e806
SHA256

03f465505ded1fc79e566d7e81bd1cf33fab2876a11ec4ac7e39da238db467f7
SHA512

14f75d14ba93e0a1b0a4964c71febc471e3d3deee2109b3d408b988f3c0ca282d7c1d1155e33ec1240139b261edab1f968ad33d2de6024794ee2fc09dc9deb3e
SSDEEP

1572864:Bxrtm25G88jddGv+WfZgeltMJBXfkmN9Z5805LtQ24CTkAvT15XPClHE0Lrz9:BxrER8MGvjIHBTa055Q24CTNbzKHjLX9

Score

7^/10

persistence privilege_escalation pyinstaller

Malware Config

Targets

- Target
  
  Discord Account Generator.zip
- Size
  
  80.2MB
- MD5
  
  2f45172ce3bae5a81110d0b1ef8aa759
- SHA1
  
  cb247018fe57205cf95786992fba0c8def50e806
- SHA256
  
  03f465505ded1fc79e566d7e81bd1cf33fab2876a11ec4ac7e39da238db467f7
- SHA512
  
  14f75d14ba93e0a1b0a4964c71febc471e3d3deee2109b3d408b988f3c0ca282d7c1d1155e33ec1240139b261edab1f968ad33d2de6024794ee2fc09dc9deb3e
- SSDEEP
  
  1572864:Bxrtm25G88jddGv+WfZgeltMJBXfkmN9Z5805LtQ24CTkAvT15XPClHE0Lrz9:BxrER8MGvjIHBTa055Q24CTNbzKHjLX9
Score

7^/10

persistence privilege_escalation
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral1
- Target
  
  spotify/resc/lib.exe
- Size
  
  11.1MB
- MD5
  
  db84d160a0bc7c225b7f40cd3517c070
- SHA1
  
  363eaf4c468775cd90bd987d5fe9c234ad057212
- SHA256
  
  82eced0c60a3d89e563eecd81842d0caf33693395e12174d7080fdb4b173db95
- SHA512
  
  c32d55c2e7bbbd603211051c3a9cb1b25c9e479d97598925bb32086e61354d84ea62e928966913c80dee0c1be13e0da30cc34536c9177b318ae804192eed3e7d
- SSDEEP
  
  196608:YegaVcz64fioP1HqsimvlG2etbYPvbJQlHJCOI5sw8CYP7Jg44EMo5Wiu:1cz64NP1RimtokJQlpFC7uMi
Score

7^/10
- Loads dropped DLL
behavioral2
- Target
  
  spotify/resc/method.exe
- Size
  
  69.2MB
- MD5
  
  1d731839c7f33561d5eb723de2a40117
- SHA1
  
  f3bf5841e9a939007abfab28700b2145441660d1
- SHA256
  
  f1bcfb3868e94e371135b2f902a67a461525c923f1d185008a08fbbe07729894
- SHA512
  
  75bad41beb20f6185bdd657c7ea16e354dcbe21cff1537876727f53e9317c6dff06ac154e47f9c3a199518e6a7129ef28a781d38b2f2364e718b3af8d5074e8d
- SSDEEP
  
  1572864:njddGv+WfZgeltMJBXfkmN9Z5805LtQ24CTkAvT15XPClHE0Lrz:jGvjIHBTa055Q24CTNbzKHjLX
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral3
- Target
  
  spotify/resc/tool.h
- Size
  
  11B
- MD5
  
  172fe9d49de6927c8ac5b458431d5b19
- SHA1
  
  3d5060f9bcc9e57b0611a95d83ba964aebe36769
- SHA256
  
  a50e3bf929ff8c818493c762e8b9ad2af42a5cc1f266e8be2f517bd9658b63c5
- SHA512
  
  f7893d0e949457fb91f268f44b69f64f21cef9916cec32e89574039681704ca57dcaf2357a82ffa78877ac667f56c74f239e0449284810bcbe075ab7d2c37b5a
Score

3^/10
behavioral4
- Target
  
  spotify/run.bat
- Size
  
  135B
- MD5
  
  c88519e72ede9309b5083a5c47a5a958
- SHA1
  
  c9fd1b5468e9b173a71bdda7f53f738dfdd7a200
- SHA256
  
  f5df648a106a9a6000e3aff96452fec76dbbe1f09a8cbdf4aa1df949168fd5a3
- SHA512
  
  b717336d4afa92a724a3ce7743d572e10d4d4a4d8e9f46d097f15034907c551e69eb04a77c64b9a614f4434744e3c69962caeecc162eae33a7ff283506d9c37b
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral5

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistenceprivilege_escalation

behavioral2

behavioral3

behavioral4

behavioral5