General
Target: e9cbd277fa5fd638db41d08e9ee3ee57b485b03f9510c67b468b18144aa3b73b
Size: 136KB
Sample: 241030-xp7kna1khl
MD5: ccfe6496defc4d7c67118ecdc40f8f56
SHA1: 5758d57fb03f5a5a3eb65ebd447020460c0f34ea
SHA256: e9cbd277fa5fd638db41d08e9ee3ee57b485b03f9510c67b468b18144aa3b73b
SHA512: 1ff975dd14f60bc6f35a5cfad5860019b185d4e589c0c9deea2db7bc44786b4f02a856e49369717160ce496fa14ebb5e77fe257d92589c9614461b230c80f1ed
SSDEEP: 3072:FRISRU5vzkqB9avktNlHZuKHlbe/O88kgHPYpaDx/V8cXciuTY:52bkqBU4NlMYzPYwv8cXYTY
Static task: static1
Behavioral task: behavioral1
  Sample: wise logo.gnp.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: wise logo.gnp.exe
  Resource: win10v2004-20241007-en
Malware Config
Extracted: discordrat
discord_token: MTMwMTA3ODQ3NjIyNDIwMDcwNQ.GG4U5v.q6f5p3v4QsFIwJGxfFjOIPRWeaaZORXwdiclGc
server_id: 1300782121828356126
Targets
Target: wise logo.gnp.exe
Size: 231KB
MD5: 1c896967e6be98ae74b73609217b6114
SHA1: fa667922c64647c9a7c750e22b9073ab85f84e6e
SHA256: 96ffcd21b01c69b09029c9e4e70a2d6471ebbc4a2ed81478a5846083a4228aae
SHA512: 08bfc53c47fe6574290b86633632c1efcd42cda7eba6378b3882786d54bd89d3794939fc03b87b8d315c6a55b19d5af6471331f5019a5f42d287d930ee09cd74
SSDEEP: 6144:ea4InuJg58BkgqPoDH49n8Bb/cTOUXt8Wa:eat0EAH49n8BlUXyP
Score: 10/10
Discordrat family
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2