2649b21a2ea62a96e946b5fa19c5c8a43715bce6f983dc05747c4ab6e48b34df | Triage

Submit
Reports

Overview

overview

8

Static

static

1

Discord

windows11-21h2-x64

5

Discord

macos-10.15-amd64

8

Sharing

General

Target

Discord
Size

324KB
Sample

240710-skhnhsvcnm
MD5

b903edf242279ff97b6a015f6b9108d8
SHA1

0e7a8adeeda71f360de396b076a4fdc399df25c6
SHA256

2649b21a2ea62a96e946b5fa19c5c8a43715bce6f983dc05747c4ab6e48b34df
SHA512

ffd32b6b7f01a354e1f27cebef65f87387878527724dff24ebc1b85330d2fc8aedf9f6f63ba770a56fe3062c64f5e24527cf50031441798b4844438feded3877
SSDEEP

6144:1CYoqe2n9dH5M2vkm0aOCl3pId9Ro9IvZJT3CqbMrhryf65NRPaCieMjAkvCJv1O:Hoqe2n9dH5M2vkm0aOCl3pId9Ro9IvZn

Score

8^/10

discovery evasion macos

Static task

static1

Behavioral task

behavioral1

Sample

Discord

Resource

win11-20240709-en

windows11-21h2-x64

12 signatures

300 seconds

Behavioral task

behavioral2

Sample

Discord

Resource

macos-20240611-en

discovery evasion

macos-10.15-amd64

5 signatures

300 seconds

Malware Config

Targets

- Target
  
  Discord
- Size
  
  324KB
- MD5
  
  b903edf242279ff97b6a015f6b9108d8
- SHA1
  
  0e7a8adeeda71f360de396b076a4fdc399df25c6
- SHA256
  
  2649b21a2ea62a96e946b5fa19c5c8a43715bce6f983dc05747c4ab6e48b34df
- SHA512
  
  ffd32b6b7f01a354e1f27cebef65f87387878527724dff24ebc1b85330d2fc8aedf9f6f63ba770a56fe3062c64f5e24527cf50031441798b4844438feded3877
- SSDEEP
  
  6144:1CYoqe2n9dH5M2vkm0aOCl3pId9Ro9IvZJT3CqbMrhryf65NRPaCieMjAkvCJv1O:Hoqe2n9dH5M2vkm0aOCl3pId9Ro9IvZn
Score

8^/10

discovery evasion
- Path Permission
  Adversaries may modify directory permissions/attributes to evade access control lists (ACLs) and access protected files.
  evasion
- Gatekeeper Bypass
  Adversaries may modify file attributes and subvert Gatekeeper functionality to evade user prompts and execute untrusted programs. Gatekeeper is a set of technologies that act as layer of Apples security model to ensure only trusted applications are executed on a host.
  evasion
- Drops file in System32 directory
- File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer) may leave traces to indicate to what was done within a network and how. Removal of these files can occur.
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Linux and Mac File and Directory Permissions Modification

Hide Artifacts

Resource Forking

Indicator Removal

File Deletion

Subvert Trust Controls

Gatekeeper Bypass

Credential Access

Discovery

File and Directory Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoveryevasion

© 2018-2025

Terms | Privacy