General

  • Target

    DiscordBotClient-win-x64.exe

  • Size

    80.5MB

  • Sample

    241006-nllz4s1fnr

  • MD5

    7acff4b78a019393e795775c788abd0a

  • SHA1

    eb05978340ac49e3e574f0c4019cc54a30f406c7

  • SHA256

    d3dc7279001865d1d6bc8c4c2e85d93969329618466fc94f03871d36f6356237

  • SHA512

    6c5c2a16329d56c8e79c83963ee5be33d49bf74502155bb0733d4370b829f5e860b5cf687d91c9f64f1cb542c7810b2dd2bb1996608ccf60ad54dfdc93fdcf1e

  • SSDEEP

    1572864:hO/c+P+15kmpcnxpv2lvc1xZEfOUFAGfIGQOhBLlYXNI2hmbtA5:hL19pGklQKfOFGf8O3eXNlhKA5

Score
9/10

Malware Config

Targets

    • Target

      DiscordBotClient-win-x64.exe

    Score
    9/10
    • Renames multiple (147) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates processes with tasklist

    • Target

      $PLUGINSDIR/SpiderBanner.dll

    • Size

      9KB

    • MD5

      17309e33b596ba3a5693b4d3e85cf8d7

    • SHA1

      7d361836cf53df42021c7f2b148aec9458818c01

    • SHA256

      996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

    • SHA512

      1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

    • SSDEEP

      192:5lkE3uqRI1y7/xcfK4PRef6gQzJyY1rpKlVrw:5lkMBI1y7UKcef6XzJrpKY

    Score
    3/10
    • Target

      $PLUGINSDIR/StdUtils.dll

    • Size

      100KB

    • MD5

      c6a6e03f77c313b267498515488c5740

    • SHA1

      3d49fc2784b9450962ed6b82b46e9c3c957d7c15

    • SHA256

      b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

    • SHA512

      9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

    • SSDEEP

      3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      0d7ad4f45dc6f5aa87f606d0331c6901

    • SHA1

      48df0911f0484cbe2a8cdd5362140b63c41ee457

    • SHA256

      3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

    • SHA512

      c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

    • SSDEEP

      192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6

    Score
    3/10
    • Target

      $PLUGINSDIR/WinShell.dll

    • Size

      3KB

    • MD5

      1cc7c37b7e0c8cd8bf04b6cc283e1e56

    • SHA1

      0b9519763be6625bd5abce175dcc59c96d100d4c

    • SHA256

      9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

    • SHA512

      7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

    Score
    3/10
    • Target

      $PLUGINSDIR/app-64.7z

    • Size

      80.0MB

    • MD5

      5980ecba4e5c91463e279ecd9cfd1b7f

    • SHA1

      e5659827eb1007b66570dcba1387b8acc3a444b8

    • SHA256

      5088559fbf918dff3e22300568c63c87944f55271eaf1bddf5d6d1fd0a359e4a

    • SHA512

      973557daf4c23bc0b45ed56529b15d4136c2c758060723bef79ae36cd8661de3ec9e755aeb8fa9a72c31253641f6aaf492899b968399a90fb747238fff1766fe

    • SSDEEP

      1572864:R/c+P+15kmpcnxpv2lvc1xZEfOUFAGfIGQOhBLlYXNI2hmbtAq:419pGklQKfOFGf8O3eXNlhKAq

    Score
    3/10
    • Target

      resources/app/node_modules/@protobuf-ts/runtime/package.json

    • Size

      994B

    • MD5

      e4010423eba1cf519ef3791d0fb9b1e5

    • SHA1

      fbe83ec8d1b2738bb3ea01ad9b6a7753310ccd2a

    • SHA256

      7fb5af49b52688806ae50763c1b132cdf424a28ac0b8292b9ea78905e9276a52

    • SHA512

      1fcbd1c509f20a54b8bac828e6c507cc231dc26462b1d9778cd4fd39f86f5ddd4ba920d90a2b4c1f829b204ef20f519c5d7f9277a6c458a287bc182eac143cd5

    Score
    3/10
    • Target

      resources/app/node_modules/accepts/HISTORY.md

    • Size

      4KB

    • MD5

      5577813327e7b93a2e3aed18f3e2833c

    • SHA1

      58be8678425511c7cfa60e0ee0f009740eaa4616

    • SHA256

      ef66fe7e96fee5760f153fc5059124effa5310895b336585e3a80a93c9f2d9be

    • SHA512

      4318e9d590ce10cf62a5218adca86c0fde7eb6afb49212ba6085f9d6bd9bee85294e4e1b1b00a8b80d51771aafd975cb43ce02a8a2d9463d19a47b64336f9078

    • SSDEEP

      96:se/lRUzCazCZ88Yzi0wWtbIRySLH8dzKCwNOJrI+QUVsWm:hcNi8YwdDFC

    Score
    3/10
    • Target

      resources/app/node_modules/accepts/LICENSE

    • Size

      1KB

    • MD5

      bf1f9ad1e2e1d507aef4883fff7103de

    • SHA1

      f027af3e61af3880fd7f7b8ba9452a85dd215738

    • SHA256

      71f83c4c0621102a56d9853812777b85751bce7e9726f686f5b056c1f8a4b0e6

    • SHA512

      a1a293eb0097fe87875f3bf908cc0b0ee8f15e995c68e984b6a24e247b2e954407d7941ea96abd7fe002a1bdfb713fdfb0d3839d948a334603f05e644829f606

    Score
    1/10
    • Target

      resources/app/node_modules/accepts/package.json

    • Size

      690B

    • MD5

      3d5bfc661de1adb98c489f5d38943e31

    • SHA1

      d69992aba556425806ad7983c12c51120bd557ee

    • SHA256

      2322f81dd2d758915806721d35db67eacce0aaa1674f0c62637ded84427d6644

    • SHA512

      6e283019d4c29f63d22e152a0f9f748f5edcc083f84921bae897615930760ec40d7f394ad3f69a1c714277671dd39eca9657c2e0b12549b82b625f13f67bac14

    Score
    3/10
    • Target

      resources/app/node_modules/ajv-formats/LICENSE

    • Size

      1KB

    • MD5

      b070047241b584db26163b1dca5206e0

    • SHA1

      2f569dda4f86ca2c1a061e005cff04a5a92a8e35

    • SHA256

      9df3bb69929a3b650ed73b3bfa1756725aaff0ac296461605753547004eafeaf

    • SHA512

      8fad4fbe3c52ffd605236731f8ed593178bfd4ae84c5fc9771bf96b9819779195e65d1611432dcf6671a110384c0c1dfbc4f43261acadfab48d2bd8374ce8f07

    Score
    1/10
    • Target

      resources/app/node_modules/ajv-formats/dist/formats.js.map

    • Size

      5KB

    • MD5

      54c34959164d02a2b3c61afba123a0e2

    • SHA1

      b98f8a6213709cf547bb89dec037680e4e658c50

    • SHA256

      166778cb8feec069034babf6e20700d9c92220d04d70b9d2f90cce95de7fae24

    • SHA512

      397910cd3e7226acf887d6503796e9328a0aefdcdc2d65234b69cce92a52b0de3cf6bda47097f48cf4831f0ecda0a12ad9b7780044b6217473991fb2c75f8a43

    • SSDEEP

      96:flmG5tMAYyIP2Re0W/3ECeKJsjQj+nhECehJfii9Ql:flmG5tMArEV1msmfWigw

    Score
    3/10
    • Target

      resources/app/node_modules/ajv-formats/dist/index.js.map

    • Size

      1KB

    • MD5

      fdaeaa71d94ed99f9c0dfbc2567d21b9

    • SHA1

      556eb14563e46ad8f9d0b5f94335a248fba93aba

    • SHA256

      aaec578d5a2af589e3d726a6383198fa7b116b4e6c41900f4e5fb285bc9f6a67

    • SHA512

      82eb509302ee0dbc6452c12761693571b07a5b5f54c117cf86303bc29d6482f55e8607f214cb0bce2492db62b457eab71cd3af22febf1cd1db63b735d0f8e74b

    Score
    3/10
    • Target

      resources/app/node_modules/ajv-formats/dist/limit.js.map

    • Size

      2KB

    • MD5

      21e5de3312c8d8c606d70f5e09d41a6f

    • SHA1

      128e8444cd6131ca35395777818261bceb1a1818

    • SHA256

      80835360b0867a81d4761783a4aec70825d658474e57dbd2a740c05d7b607bba

    • SHA512

      8aeb15cd179b62824d29b05988c3241f9fccb8c25ac6920c85d6e10882dbcc2f86d36d6e157ddf32940056d31436b4fd36b7b47adfbc38654af0a5c5c47b40f3

    Score
    3/10
    • Target

      resources/app/node_modules/ajv-formats/package.json

    • Size

      1KB

    • MD5

      d05ce2b1d652ba1f1235037fb78c323c

    • SHA1

      0ea041c98507790bbb20718809404a571cec3211

    • SHA256

      ca76c549d158d201b424ecf63eb28474173da2d8cb8c8266ba06a2ee19f9d669

    • SHA512

      069d9afed01825ebdc06cad558811b63a116662c0e5599cf0bf538c748222887a6b7c00eaca5995b3e168f742a4af0f127641b281066d11097d5d8bea32ff96d

    Score
    3/10
    • Target

      resources/app/node_modules/ajv-formats/src/index.ts

    • Size

      1KB

    • MD5

      fe0ec195ed4e6f438093e493e0797d8e

    • SHA1

      a6d74085de51ce88b6d48cf3e40c8e15ac55dc27

    • SHA256

      fb330a47ec7d2c8498d03078834603dab1a0689f40ca15875e6d57d740c5ff71

    • SHA512

      86cea59d36d17e97ddc975abe9147dac2d8eba0cc4e8a461576901a0b47ff7aad3114fb1e066e59819cf8ce67aa12a7acf7890643798d07ae79488f557e78a0c

    Score
    6/10
    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

discovery
Score
7/10

behavioral2

discovery ransomware
Score
9/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

discovery
Score
3/10

behavioral6

discovery
Score
3/10

behavioral7

discovery
Score
3/10

behavioral8

discovery
Score
3/10

behavioral9

discovery
Score
3/10

behavioral10

discovery
Score
3/10

behavioral11

discovery
Score
3/10

behavioral12

Score
3/10

behavioral13

discovery
Score
3/10

behavioral14

Score
3/10

behavioral15

discovery
Score
3/10

behavioral16

Score
3/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

discovery
Score
3/10

behavioral20

Score
3/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

discovery
Score
3/10

behavioral24

Score
3/10

behavioral25

discovery
Score
3/10

behavioral26

Score
3/10

behavioral27

discovery
Score
3/10

behavioral28

Score
3/10

behavioral29

discovery
Score
3/10

behavioral30

Score
3/10

behavioral31

Score
1/10

behavioral32

discovery
Score
6/10