General
-
Target
Discord.Image.Logger.exe
-
Size
4.5MB
-
Sample
240920-ybajfatglc
-
MD5
2aa9588877a9951a734a0952df0a5aaf
-
SHA1
ce5f737c4f345b206ab5fb0a0bf32f11bd63ca66
-
SHA256
c23cd068b8b9a82a4dc6f677a114e09e8019d0bfeb62714166b9ca26305511bc
-
SHA512
e0d46af417907f05c401f27af1d715de60dbe170fb2f4fd185e694843e1dc7acd001b272711386af6b2c878e038f4995be62c45ee4ef38c04ce1dcc44df48715
-
SSDEEP
98304:RQf3s64R9ybzUcwti78OqJ7TPBF3ZlHHgkWJ0P39qXSaDv:8zUcwti7TQlF3ZxxWJSUnDv
Malware Config
Targets
-
-
Target
Discord.Image.Logger.exe
-
Size
4.5MB
-
MD5
2aa9588877a9951a734a0952df0a5aaf
-
SHA1
ce5f737c4f345b206ab5fb0a0bf32f11bd63ca66
-
SHA256
c23cd068b8b9a82a4dc6f677a114e09e8019d0bfeb62714166b9ca26305511bc
-
SHA512
e0d46af417907f05c401f27af1d715de60dbe170fb2f4fd185e694843e1dc7acd001b272711386af6b2c878e038f4995be62c45ee4ef38c04ce1dcc44df48715
-
SSDEEP
98304:RQf3s64R9ybzUcwti78OqJ7TPBF3ZlHHgkWJ0P39qXSaDv:8zUcwti7TQlF3ZxxWJSUnDv
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
Modifies security service
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Detected Nirsoft tools
Free utilities often used by attackers which can steal passwords, product keys, etc.
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Modifies Security services
Modifies the startup behavior of a security service.
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
2Disable or Modify Tools
1Modify Registry
4Subvert Trust Controls
1Install Root Certificate
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1