empyrean | 0bc0f7afb984d2a56826ad30649640b7d778ab541e0db6d488be8ab5cecce38c | Triage

Submit
Reports

Overview

overview

Static

static

DiscordAut...gs.vbs

windows10-2004-x64

1

DiscordAut...er.exe

windows10-2004-x64

9

DiscordTyp...ts.dll

windows10-2004-x64

1

DiscordTyp...rk.dll

windows10-2004-x64

1

Sharing

General

Target

DiscordAutoTyper.rar
Size

17.8MB
Sample

240819-261wnavekm
MD5

31c832186152976ceadf04758a435a78
SHA1

136cd486e3aa2071cc93d107c1eae6f0889f01ba
SHA256

0bc0f7afb984d2a56826ad30649640b7d778ab541e0db6d488be8ab5cecce38c
SHA512

511a625a655cfe27e041356aa0b1e503526e3c07f4ec73b05e91bb355d010a4cd34b403fd3d389769f84f4663c3856ad63cc29b052aa08c319e61b6bd23d9060
SSDEEP

393216:8QjwxHVHEXsUYoKiREVlTL7bTdr8pppbv371PA0fH8ZrdN:83hZasUYDDlTL/8v3BA0f8TN

Score

10^/10

empyrean credential_access discovery pyinstaller spyware stealer upx

Static task

static1

pyinstaller empyrean

4 signatures

Behavioral task

behavioral1

Sample

DiscordAutoTyper/Defender_Settings.vbs

Resource

win10v2004-20240802-en

windows10-2004-x64

2 signatures

1800 seconds

Behavioral task

behavioral2

Sample

DiscordAutoTyper/DiscordAutoTyper.exe

Resource

win10v2004-20240802-en

credential_access discovery spyware stealer upx

windows10-2004-x64

10 signatures

1800 seconds

Behavioral task

behavioral3

Sample

DiscordTyper Builder/MetroFramework.Fonts.dll

Resource

win10v2004-20240802-en

windows10-2004-x64

0 signatures

1800 seconds

Behavioral task

behavioral4

Sample

DiscordTyper Builder/MetroFramework.dll

Resource

win10v2004-20240802-en

windows10-2004-x64

0 signatures

1800 seconds

Malware Config

Targets

- Target
  
  DiscordAutoTyper/Defender_Settings.vbs
- Size
  
  313B
- MD5
  
  b0bf0a477bcca312021177572311e666
- SHA1
  
  ea77332d7779938ae8e92ad35d6dea4f4be37a92
- SHA256
  
  af42a17d428c8e9d6f4a6d3393ec268f4d12bbfd01a897d87275482a45c847e9
- SHA512
  
  09366608f2670d2eb0e8ddcacd081a7b2d7b680c4cdd02494d08821dbdf17595b30e88f6ce0888591592e7caa422414a895846a268fd63e8243074972c9f52d8
Score

1^/10
behavioral1
- Target
  
  DiscordAutoTyper/DiscordAutoTyper.exe
- Size
  
  17.7MB
- MD5
  
  660fc26acd3b9fccac3de97e8b1fe083
- SHA1
  
  ff7e9c0c4de40c4046c6fb6c2710f16b23742f04
- SHA256
  
  9d8162de0cde810b068abec84690dab693132bb48f67fda748930d1a94043e01
- SHA512
  
  25ba5e7add66678c102f3593223d151f8aad6838baa7e635928333ee7a508b4fd1a676ed24364b0c21b429711d0509e4a27c4bb1b8f4abf365d951cf3a036fc0
- SSDEEP
  
  393216:gqPnLFXlreQpDOETgsvfGFwbgmAvE96kTeq:hPLFXNeQoE/h51D
Score

9^/10

credential_access discovery spyware stealer upx
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral2
- Target
  
  DiscordTyper Builder/MetroFramework.Fonts.dll
- Size
  
  656KB
- MD5
  
  612080028164b12939751dcccbb68d4a
- SHA1
  
  db066593c63d2eff41a5af1b49a3e098b60e0013
- SHA256
  
  e96030fddaf7e78401567ee82480ad75ee48d3556199a3f85c0ec669edac2ef4
- SHA512
  
  1879c960e27e32941c0c992b84803e7a1f8d243bfc88d17d3d32baca772290b9ea60a6ea90d53170be3bf7f0a58fe71ec901dc66aa560b4bf68b1da56c09fe18
- SSDEEP
  
  12288:H+/9JcJlYqCNktA+SXfGpq2fHowSqCNktA+SXfvJR9FrIJJaqCNktA+SXfUC:H+/3qlrCNoh+UqgIwhCNoh+JR9FrIJJw
Score

1^/10
behavioral3
- Target
  
  DiscordTyper Builder/MetroFramework.dll
- Size
  
  149KB
- MD5
  
  44538b311e9ec2bcf0a6452702628d99
- SHA1
  
  da67301539903775708e9ec913654851e9e8eade
- SHA256
  
  baf326f52d39155d722465947f4cc67e6e90cfd0f89954eab959568e9bc342aa
- SHA512
  
  b65e3bc1c0f7b4c8f778cf52a36d628301d60aab53fdaf0355163e4865bc3d3adbf8870bb6cefc604708fdf2c0e72258eaf2fe301d524af2f77bc08014c9610a
- SSDEEP
  
  3072:LU0T+erz8jYxYg5lzrPHlMUzxXd4kRZPI9q:vT+erz8jYxYgv/lxXGWPS
Score

1^/10
behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

pyinstallerempyrean

behavioral1

behavioral2

credential_accessdiscoveryspywarestealerupx

behavioral3

behavioral4

© 2018-2025

Terms | Privacy