General
Target: reni-discord-rat.zip
Size: 16.4MB
Sample: 240804-hm1xrsyfrj
MD5: 88b1dcb52381de7b1a4d22bdbaa965ca
SHA1: e27fc20733c1b05cf233405b54c0c7ec1728a796
SHA256: 4541b6437ea08c7fa890b11d01dce587d7061a2c2c737c5daeed57721e71aa6a
SHA512: ff671d2e434cea80187778fd27bb3a0017f62187078a6616401e096e4dd503e7dc6074e7ed61791789bb307449eb8c78553251af8f893dc56c01728fa90868bc
SSDEEP: 393216:Gj+CQE0xNJZEZwWUK7v5bo1HYkuyrZvH3p02ro:Gj+p3qZAK7poZUyN/yIo
Behavioral task: behavioral1
Sample: Renicail/renicail_menu.exe
Resource: win7-20240708-en

Behavioral task: behavioral2
Sample: Renicail/renicail_menu.exe
Resource: win10v2004-20240802-en
Malware Config
Targets
Target: Renicail/renicail_menu.exe
Size: 16.6MB
MD5: 1e242ecb3a0bd6a3bbb510cdf4b2250c
SHA1: 9bde576d012509aaf8e3febe6fe2a1ab21f6437d
SHA256: cf6257d55f51e99a4f7a5cacd0a611dda670fcb38c7779fd32615efab2dcf824
SHA512: b002270faaf5fd2065c973768353031b7f808af23949f0e1a03121b96c63b93a46ff4be735ebd3929f76f0ff2dfa29e765205c5e205d0990316591b6abc73414
SSDEEP: 393216:hu7L/pxgQ2aUX47d4arXsS8RzdChdjaK1:hCLBqQ2aUI7d4arXsS0KaK
Score: 9/10

- Credentials from Password Stores: Credentials from Web Browsers
  Malicious access or copy of web browser credential store.
- Drops startup file
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files
  Steals credentials from unsecured files.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist