General

  • Target

    Oxegen Exec.rar

  • Size

    267KB

  • Sample

    240709-1txsssyakq

  • MD5

    00fe1fa17133b11f1335653cf83ba40f

  • SHA1

    16954cf7bd53166c606199027f562a4bdf897ae3

  • SHA256

    3ef7eb0816dc3e90bd47be2620b53d57628d3d5fb79cfaef2166ee101504ce40

  • SHA512

    f1d1042f1958e50940459a19f96a97eb86aa50510095abbd23cd1c56e8294921e2fda436fae3b92ab34581b77dd6d5c4b11d076f9616add32c7e17996943dc4f

  • SSDEEP

    6144:ZiOuxHdpbz9Sut70XkRsSwsSKTub6ZnjrEKBjkF8mvOaDXMrWG24I0O:oOWHfbzP72kdSKTubEjrFaCmvOAsa

Malware Config

Extracted

Family

discordrat

Attributes

  • discord_token

    MTI1NjYxMDkyODE0MTY2NDM0Ng.GoCAda.9jAnxnZbVToLnUTaW-wRrWIl-V07WOjBZlKZ6U

  • server_id

    809482718164680734
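The two extracted discordrat attributes are an opaque bot token and a raw snowflake ID, which is all the report gives. The following Python is an added example, not part of the Triage report or of the discordrat family's own code: it decodes the bot's numeric ID from the token's first segment and derives creation timestamps from both snowflakes, entirely offline, without ever presenting the token to Discord. It relies on two documented Discord conventions (a bot token is three dot-separated base64url segments, the first being the base64 of the bot's numeric ID; the top 42 bits of a snowflake are milliseconds since 2015-01-01T00:00:00Z); the helper names, the regex and the constants are this example's own.

```python
import base64
import re
from datetime import datetime, timezone

# Constructed input: the two discordrat attributes from this report, copied verbatim.
# Treat the token as a live credential: decode it locally, never send it to Discord.
DISCORD_TOKEN = "MTI1NjYxMDkyODE0MTY2NDM0Ng.GoCAda.9jAnxnZbVToLnUTaW-wRrWIl-V07WOjBZlKZ6U"
SERVER_ID = "809482718164680734"

# Discord snowflake epoch: 2015-01-01T00:00:00Z in milliseconds.
DISCORD_EPOCH_MS = 1_420_070_400_000

# Bot token layout (assumed from Discord's documented format):
#   base64url(bot id) . base64url(timestamp) . base64url(hmac)
TOKEN_RE = re.compile(r"^([A-Za-z0-9_-]+)\.([A-Za-z0-9_-]+)\.([A-Za-z0-9_-]+)$")


def b64url_decode(segment: str) -> bytes:
    """Decode unpadded base64url; token segments omit the '=' padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def snowflake_time(snowflake: int) -> datetime:
    """Creation time of a Discord snowflake: bits 22..63 are ms since the Discord epoch."""
    ms = (snowflake >> 22) + DISCORD_EPOCH_MS
    return datetime.fromtimestamp(ms // 1000, tz=timezone.utc)


def parse_bot_token(token: str) -> dict:
    """Return the bot ID embedded in a token and the bot account's creation time.

    Only the first segment is decoded. The timestamp and HMAC segments are left
    untouched, and nothing here validates the token against Discord's API.
    """
    m = TOKEN_RE.match(token)
    if not m:
        raise ValueError("not a three-segment Discord bot token")
    raw = b64url_decode(m.group(1))
    if not raw.isdigit():
        raise ValueError("first segment does not decode to a numeric bot id")
    bot_id = int(raw.decode("ascii"))
    return {"bot_id": bot_id, "bot_created": snowflake_time(bot_id)}


def describe_config(token: str, server_id: str) -> dict:
    """Enrich an extracted discordrat config with the facts its snowflakes carry."""
    info = parse_bot_token(token)
    info["server_id"] = int(server_id)
    info["server_created"] = snowflake_time(info["server_id"])
    return info


if __name__ == "__main__":
    for key, value in describe_config(DISCORD_TOKEN, SERVER_ID).items():
        print(f"{key:15} {value}")
```

Run as-is, the script reports that the token belongs to bot ID 1256610928141664346, an account created on 2024-06-29 UTC, ten days before the date prefix (240709) of this sample's ID, and that the guild the RAT reports to was created on 2021-02-11 UTC. Both dates come purely from the snowflake bit layout, so they hold even if the token has since been revoked.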

Targets

    • Target

      Oxegen Exec/FastColoredTextBox.dll

    • Size

      323KB

    • MD5

      71963eb6707ef2de595d336d5810082b

    • SHA1

      aefa3ec8411e2ad2a7f0a496be0c7f52cb908bd5

    • SHA256

      f67f8caf9216123c0f669ae7a0e9a086a28ad9fee7e4756c224a7706ceaab1cd

    • SHA512

      a2410423d7d9c730e3d7d48a03a01342149778539bc2bb32fa404d1722296eb1f0ebfc2f8224665b6e84b6e17a16cc3392334ad7958662fe9d65c6bada6a471b

    • SSDEEP

      6144:JR0J4lxA/7BA4xvNIwcKAZ+IBJhaeFMdFDCBdxBsqmLDi5eN5DDl1SqPF:JR0J4ElAovNIwxAZdBOeFMuzheN5

    • Score

      1/10

    • Target

      Oxegen Exec/Scripts/Elysian admin.lua

    • Size

      75KB

    • MD5

      c11d3559a545703fbe376e10606e3bb8

    • SHA1

      7689a000d4b8bddc319c059bc267ed00ab430672

    • SHA256

      80875b7c78bf2675096d4351836dcc044d84bde963e4fb3f4edfdbdb9e2fe1f7

    • SHA512

      77fb8bce0c2252da7b746586aa3beb2d6f80c46819600c1c8da766e59c82b97a34fc4451c29c62c3b19a14b77743aefe6be1bceca21f9420e36674c86d3375ee

    • SSDEEP

      1536:jzd51az2hlIiHIgvnHqmPbU+LcqO9vg4r6U/XSZ8MLh9Km3S4Nfz+O3dN6/IS6+M:V5fLHIgvHbU+LcqO9vgO6iXSZ8Mdh3Sa

    • Score

      3/10

    • Target

      Oxegen Exec/Scripts/Quick kick and other commands.txt

    • Size

      19KB

    • MD5

      22f8b58250ed13e3d124fbdee093f80d

    • SHA1

      a7430f2d356efcc6abfd1f97464307c1e9176963

    • SHA256

      dec540b6865f650793a0f47b20189f63a3af093246e4549ae2abf69e1d567441

    • SHA512

      f01f60a9eedb3f1e5855e2a43d8fd5450c51ac15962be8c6b7c52b2726df0fc8c71a63dbac32f24d46c77c674d84d608235f002aeed128334716b284f32bb39c

    • SSDEEP

      384:Exhop6EPQRydi3R8vRNW3SldYTEZXPmES64YsauzePEdY:Exup6YQRKmR8vRNW3SldYTEZXPmEl4Yp

    • Score

      3/10

    • Target

      Oxegen Exec/Scripts/fedora admin.txt

    • Size

      47KB

    • MD5

      941b118664d6de2c0847a9a1c89bd44d

    • SHA1

      c4b1d3fc396c719cfbf075f7c018b153018db345

    • SHA256

      ea759928e3eff822f7ec1d8e73babe5169632f578a8a680bc174374e865115cb

    • SHA512

      7ae39c32c9e97e28c8a7030bd654c4aa39d05c0e5c97b77aa21cf171b6a931c4cd25ca6fbbef19f617097b8eb56839956107d41de16bbb33fe5db7ccae8e45ce

    • SSDEEP

      768:6UCQeAeFHNR3kYMiEAHfIXI6Xh3XZtsSaLD8fBDJ5w+Wol1X1nXT7+tWivqKNOBv:mGAHAXXXh3XzKLStWaFmViqhedFkg4Ct

    • Score

      3/10

    • Target

      Oxegen Exec/oxegen.dll

    • Size

      339KB

    • MD5

      e326bcbc52f5c4b9c8b563ad4e9fd18c

    • SHA1

      fbfabe434cec05affc865f5fc1335ad7af2a9434

    • SHA256

      ffc0dfab64404df4eed5f1975f0fc44201f35bee79e387644f5c9883073610f2

    • SHA512

      f2ece7723283e7c6a8768a05505748af01d18405b377e8bf1a549c106b28356ca5b49a796891517ca3afc6394eeb0739838f072290edfc3f7264cf04d6c66176

    • SSDEEP

      3072:s6UAGcFg+l7mBevnP9WCGWUT4OOx5cDURi8tfBwQrxYijAMN0nmqR4/4f2meJlkx:OA7Flyvm

    • Score

      1/10

    • Target

      Oxegen Exec/oxegen.exe

    • Size

      78KB

    • MD5

      778530293626aa22c24995339aebdb0c

    • SHA1

      6316c9b311be02521566b0f612be5b39c02071bd

    • SHA256

      70be34e9af44e63074c443f14c312228e887269fcf3feb757ed674cc5390b262

    • SHA512

      1fa355c5defdc008858d14f5b0304aea046de062e2c703dc47ebecc84d7f15da5a29d6c474390c9dc110c8d22b96ac30ba4ae836460023f1fd22a694794fe2c7

    • SSDEEP

      1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+xPIC:5Zv5PDwbjNrmAE+hIC

MITRE ATT&CK Matrix (ATT&CK v13)

Tactic                Technique / Sub-technique              ID          Count
Execution             Command and Scripting Interpreter      T1059       3
                        JavaScript                           T1059.007   3
                      Scheduled Task/Job                     T1053       1
                        Scheduled Task                       T1053.005   1
Persistence           Scheduled Task/Job                     T1053       1
                        Scheduled Task                       T1053.005   1
Privilege Escalation  Scheduled Task/Job                     T1053       1
                        Scheduled Task                       T1053.005   1
Defense Evasion       Modify Registry                        T1112       1
Discovery             Query Registry                         T1012       1
Command and Control   Web Service                            T1102       1

Tasks