General
-
Target
2c995d090bde52ca3355c7dba1694b1c8678f52ea3d6d5de981c5ab0372ab747
-
Size
663KB
-
Sample
241011-12fjgs1ekk
-
MD5
043e699dbf3d88b6cca5fbe64229ba27
-
SHA1
50661d32315985eab2a70f1d1f6435b9563ca237
-
SHA256
2c995d090bde52ca3355c7dba1694b1c8678f52ea3d6d5de981c5ab0372ab747
-
SHA512
04f23cfa08684ce109685bf2068211731018a85bb588cff9de67faca8ecc6e3e02b150a656f91b55557e5f4a949400f90da19f8c37f5abfac034e68e4cc633c2
-
SSDEEP
6144:3E+yclwQKjdn+WPtYVJIoBf4xX26I6DqJM1tc2uQNQ5rHbIOohWy0f:3BdlwHRn+WlYV+Rp2yEM1tc2uYXOos
Static task
static1
Behavioral task
behavioral1
Sample
2c995d090bde52ca3355c7dba1694b1c8678f52ea3d6d5de981c5ab0372ab747.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
2c995d090bde52ca3355c7dba1694b1c8678f52ea3d6d5de981c5ab0372ab747.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
discordrat
-
discord_token
MTIwNzY2MzY3MDU0MTE2MDUwOQ.Gd6pNB.ScrscETWuXpifr43j4YDLQN_-m1c2UlONmnRmo
-
server_id
1097447165732868126
Targets
-
-
Target
2c995d090bde52ca3355c7dba1694b1c8678f52ea3d6d5de981c5ab0372ab747
-
Contains code to disable Windows Defender
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
-
Modifies security service
-
Disables Task Manager via registry modification
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)