General
Target: Discord.exe
Size: 3.4MB
Sample: 241027-v4a4wszenh
MD5: 10c1f09bc3622fd5731fd59c9ee9f364
SHA1: 2810179bd17f36d4bfc8bcb8a6e5550364add546
SHA256: bb1e3ab96fc200f8a2e2392e50d49ed07f79685feb952a7f763e9bd39ed9f95d
SHA512: 59b74e02b05da0388873f421b61d6a7bbe4a0c451309dd7d73ee3fb45cb9ed473097810188f26af2900213580ee41f923ad69c59e4ffca4517c548651c011a15
SSDEEP: 49152:ZvLe821/aQWl8P0lSk3aKA3Z+ncKFhQoGdITHHB72eh2NT:Zvq821/aQWl8P0lSk3DA3Z+ncKFW
Behavioral task: behavioral1
Sample: Discord.exe
Resource: win7-20240903-en
Malware Config (Extracted)
quasar
1.4.1
Discord
192.168.0.21:4782
6848d73c-338e-4d72-b4ed-98b57a48ac11
encryption_key: A8DD1D22E5D9A23DED8DD538404A72125636D367
install_name: Discord.exe
log_directory: 89jfidsfu9032jr-94302ujfidshf903-90ds8ahf03892yr-8d90saudaisuh023
reconnect_delay: 3000
startup_key: Discord
subdirectory: Update
Targets
Target: Discord.exe
Size: 3.4MB
(MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Signatures
- Modifies visibility of file extensions in Explorer
- Quasar family
- Quasar payload
- Blocklisted process makes network request
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Executes dropped EXE
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15 (count of matching signatures in parentheses)
Execution
  Command and Scripting Interpreter (1): PowerShell (1)
  Scheduled Task/Job (1): Scheduled Task (1)
Persistence
  Boot or Logon Autostart Execution (1): Active Setup (1)
  Scheduled Task/Job (1): Scheduled Task (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1): Active Setup (1)
  Scheduled Task/Job (1): Scheduled Task (1)
Defense Evasion
  Hide Artifacts (2): Hidden Files and Directories (2)
  Modify Registry (3)