0539cb677684ec9500dead2e136fc1dd4969b7d5c4ec84bc18a5d6ef203b1484 | Triage

Resubmissions

13-07-2024 04:59

240713-fmvdwawhnj 8

Sharing

General

Target

Discord.Raid.rar
Size

1.2MB
Sample

240713-fmvdwawhnj
MD5

9e53c3d80aa5fe89171fc26a71940d31
SHA1

8d363b7daa93ac9d1a7f48b56b32cb748d42af1c
SHA256

0539cb677684ec9500dead2e136fc1dd4969b7d5c4ec84bc18a5d6ef203b1484
SHA512

409ee11d46289c3982dd5f6f5174bf83d67326a89170821c156d5bdd5a0632979cc19a36ddec2f425bfbaca43a68b733ab799db91798eb6d40d7d497eb1c8fcf
SSDEEP

24576:wfbRniUjp/1SrueUU5XRoAcXxJq+O7zefd0qJDO06tkLCVAxpxRx4mj:ab59p/wruepRlUxJqFyd0WDzCVAxDYmj

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  DiscordRaid.exe
- Size
  
  759KB
- MD5
  
  5d107f8802ed9f61529ceb75e483799a
- SHA1
  
  053ac3383e366bdc68a36cccc550a31157367ede
- SHA256
  
  03f387d690e4bbad551cfa48b7c28a32a6016a7922018c328bb67e423636ea7a
- SHA512
  
  37590c8fb84f7444b3464856984e062768d3da1838f1104f685e10aec202d4f59f79f62100f9dedc4c67a45cccefc5db6c79b703567b5ba241380cdf73ad417b
- SSDEEP
  
  12288:DyuTmlOIq76xb35zdtKTKKpKKYp5bu9TlLfUTdwq1ndPER:DygEMWx35JvbuhZUTdPPO
Score

8^/10

persistence
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1
- Target
  
  MetroFramework.Fonts.dll
- Size
  
  656KB
- MD5
  
  612080028164b12939751dcccbb68d4a
- SHA1
  
  db066593c63d2eff41a5af1b49a3e098b60e0013
- SHA256
  
  e96030fddaf7e78401567ee82480ad75ee48d3556199a3f85c0ec669edac2ef4
- SHA512
  
  1879c960e27e32941c0c992b84803e7a1f8d243bfc88d17d3d32baca772290b9ea60a6ea90d53170be3bf7f0a58fe71ec901dc66aa560b4bf68b1da56c09fe18
- SSDEEP
  
  12288:H+/9JcJlYqCNktA+SXfGpq2fHowSqCNktA+SXfvJR9FrIJJaqCNktA+SXfUC:H+/3qlrCNoh+UqgIwhCNoh+JR9FrIJJw
Score

1^/10
behavioral2
- Target
  
  MetroFramework.dll
- Size
  
  149KB
- MD5
  
  44538b311e9ec2bcf0a6452702628d99
- SHA1
  
  da67301539903775708e9ec913654851e9e8eade
- SHA256
  
  baf326f52d39155d722465947f4cc67e6e90cfd0f89954eab959568e9bc342aa
- SHA512
  
  b65e3bc1c0f7b4c8f778cf52a36d628301d60aab53fdaf0355163e4865bc3d3adbf8870bb6cefc604708fdf2c0e72258eaf2fe301d524af2f77bc08014c9610a
- SSDEEP
  
  3072:LU0T+erz8jYxYg5lzrPHlMUzxXd4kRZPI9q:vT+erz8jYxYgv/lxXGWPS
Score

1^/10
behavioral3
- Target
  
  Newtonsoft.Json.dll
- Size
  
  683KB
- MD5
  
  6815034209687816d8cf401877ec8133
- SHA1
  
  1248142eb45eed3beb0d9a2d3b8bed5fe2569b10
- SHA256
  
  7f912b28a07c226e0be3acfb2f57f050538aba0100fa1f0bf2c39f1a1f1da814
- SHA512
  
  3398094ce429ab5dcdecf2ad04803230669bb4accaef7083992e9b87afac55841ba8def2a5168358bd17e60799e55d076b0e5ca44c86b9e6c91150d3dc37c721
- SSDEEP
  
  12288:Lf9WGsSVSM2mxL2nRiOr8gUckc6V/g2GhBzj05cH:7XNL2PVh6B+Bzjmc
Score

1^/10
behavioral4
- Target
  
  RestSharp.dll
- Size
  
  186KB
- MD5
  
  03094cd5572b5d10431ad7a961c35e97
- SHA1
  
  f4cf7905d8961902a5220baad75d56c0b418b530
- SHA256
  
  0849f013a4731ebda79a4b8bfc586ef6ea25d466ee804173d097179cee4fbfae
- SHA512
  
  693fcde4661df7d246fe76d8c1b039dae67c0aed242ccfd7d5cadc3c0ef686f7b2245611137a7e93872c332c4069dfe5c1f5f33ea4709313502ad9a7cfb3399a
- SSDEEP
  
  3072:sT8k7MGhc0br12jCDO1k5muxdgXAFKDmVIdQSLJ190:sgk31/8r8jekKO
Score

1^/10
behavioral5

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5