General
-
Target
discrord war (1).zip
-
Size
18.3MB
-
Sample
240817-ds91eavajf
-
MD5
d8e673be49c81168d5b1ebedca1e0d5d
-
SHA1
668305dccd7bf53539523f6fdf454aaa979369ac
-
SHA256
ae9593eef2c3b0d3656807f06c8c7ed4d4171384fbc3a1cc4c846d79c75dd31c
-
SHA512
ee23c606c2f003204eb1dce7295cfa990c607bb2d10f2f6d13f0b0f901e97bb36353619c9f6a8336bb353d1c6f750d564c9231c063517c8536fddbd8ae9188a5
-
SSDEEP
393216:imS5plwo4ddG+3uM/7tUUF2aDsfH+E94jAxqpb+aez0MfCt:imS5plwo4ddJHR92awfHYpqz0t
Malware Config
Targets
-
-
Target
discrord war/IMG_7172.ico
-
Size
217KB
-
MD5
43c61bfae541f416ee9462ccb7315826
-
SHA1
f14d56472adbb37733bad7e8ef57767e20a18337
-
SHA256
000fa63af74c092a6a49866513cfa65ff845ecca649b12a0ef5f65ee65cd8ee2
-
SHA512
56dab254320c7c55aa18780bd2e9573b24168038ae63d1c95f2407825d878c0303e2e4ca92a2295821ed176abc127cd5f601080d53e153fdd308d574179ceda4
-
SSDEEP
3072:XdyZXHD/3Fr/ttyJjhWofZBamB60mBn3HjswwMwHqw7wU:IZXHD/3p/KJjkQxB60Yn3Dm
Score3/10 -
-
-
Target
discrord war/icon.png
-
Size
17.7MB
-
MD5
b7f3e891570c993a7a7dcc5ed12d34be
-
SHA1
8b6fcf6d14088a633203958767a77f22149bbd14
-
SHA256
6d9ac40a42d53196b070ab0afa484a43cda5bb5cd158a9601722e3b77bf1fd4b
-
SHA512
06a265d48d05c67d661938e906424c3ffaebcca2e4fa7aece69f062bcd954162cab9cb89267e95a493eaf3e2b266b3582f76ed6a3d287702b0df1e0d9ccffb91
-
SSDEEP
393216:kqPnLFXlreQpDOETgsvfGFwBgmBgvESZAyW4q:FPLFXNeQoEthBZ1yI
Score9/10-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
main.pyc
-
Size
7KB
-
MD5
9e124a6114567444762a274a0ec6dcf3
-
SHA1
ee2422931197aca302b7a93bca0eca081e733f80
-
SHA256
62200eba33f99cf10356670b1ef8000ac27aecbf53619940b51bfa73671561ef
-
SHA512
db9a2c3a97e598bcf6b5a6606f559606c9d68524b8f402c2ec80b835aa32d8015eee3dbaad9c7ef2918e34fb90fbf3f1d1ecee7af978a59c249ecf02966af010
-
SSDEEP
192:wrXolqMYD86kGWdXwXybi3mnOJhwxx3gcHX4MdwcW+unnw:UWAzWuH2S2f534PcWlw
Score3/10 -
-
-
Target
discrord war/war.py.lnk
-
Size
665.0MB
-
MD5
642afcff1b929b33fba0262768511fee
-
SHA1
dcdf1d0cd4d69bb49f503cbe9749a20cd8f09add
-
SHA256
1e0e3f9355f23d03e70d5a2408a5d4b0a887ad89454fa3fcce2208d5af9b0508
-
SHA512
f56fb8178f38ef5dc290afdc98c71bafc4e55057a1d48519af29c5593b36bfe8df9bad6bbd6e86c8e3268d5bc5b614efac944e324a64d527e11da705f91ec61b
-
SSDEEP
24:8uZVJzpwjEXZAWuA+/K6PK7bGjJGjWONn3PKBme:8MP7aW7EGGJGW8f+/
Score9/10-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Netsh Helper DLL
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1