General
-
Target
Launcher.exe
-
Size
76.8MB
-
Sample
240827-jv84sascpm
-
MD5
354b8d4a2241b7586303c772f702413b
-
SHA1
48334923e532623b6c44cf9f56c9edfe943b0e66
-
SHA256
315caf442a04e72acaadc11b22f893612d4267c5851a609099669aa0ecf7bf48
-
SHA512
95dc242bae86ddc8fc56c53ae0c319d5c357a1ddc0caf73e0152c69601ca428d517a4d35eafebd407f03cb8e8ed2daee076b5c5a14039bf48b419ccd1171034e
-
SSDEEP
1572864:2vHcRlKWIh7vXSk8IpG7V+VPhqYdfME7FFlHFziYweyJulZUdgY3huWG/Z9UA:2vHcRUFhTSkB05awcfhdCpuU3kl9U
Behavioral task
behavioral1
Sample
Launcher.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
Launcher.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
discord_token_grabber.pyc
Resource
win7-20240704-en
Behavioral task
behavioral4
Sample
discord_token_grabber.pyc
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
Launcher.exe
-
Size
76.8MB
-
MD5
354b8d4a2241b7586303c772f702413b
-
SHA1
48334923e532623b6c44cf9f56c9edfe943b0e66
-
SHA256
315caf442a04e72acaadc11b22f893612d4267c5851a609099669aa0ecf7bf48
-
SHA512
95dc242bae86ddc8fc56c53ae0c319d5c357a1ddc0caf73e0152c69601ca428d517a4d35eafebd407f03cb8e8ed2daee076b5c5a14039bf48b419ccd1171034e
-
SSDEEP
1572864:2vHcRlKWIh7vXSk8IpG7V+VPhqYdfME7FFlHFziYweyJulZUdgY3huWG/Z9UA:2vHcRUFhTSkB05awcfhdCpuU3kl9U
Score9/10-
Enumerates VirtualBox DLL files
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
-
-
Target
discord_token_grabber.pyc
-
Size
15KB
-
MD5
990bb1210323b8968b180576cf8114d6
-
SHA1
a4e11d7cdeb37fb32d768085263ff9fd4e51ac0b
-
SHA256
b4a60b0e4f82707a8c5fb7f3fc0cc78576c7b45217617185ab34a90e2e052208
-
SHA512
43d1e9db58d160b15d6daf5677f2f63ed8f3fa494a886bf07d229829ffc84af17f9c81f61bdbf23dfa54a1bebafa7e562f805848b64de08bc8cf83fe98a2188a
-
SSDEEP
384:YGC7RYmnXavkxzG7WltcrhntQ5saa2h12VA:YGCuvk8WltcrttQ5saaCsVA
Score3/10 -
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Modify Registry
1Virtualization/Sandbox Evasion
1