Resubmissions

  • 31-10-2024 01:53  241031-cbd1zavqay  10

  • 31-10-2024 01:48  241031-b8cnqsvpdv  10

General

  • Target

    Discord-Raider-Pro-main.zip

  • Size

    29KB

  • Sample

    241031-b8cnqsvpdv

  • MD5

    95fb97009c92dd08c2a1e93de4f94e14

  • SHA1

    f2d8b2befea1d328c33cf6c7bd4202f0b586a8cc

  • SHA256

    7dbd77c2c5c6a8d3a224642632f8653d1d6d37b02be4c8dc63e24ea9eeefc7a8

  • SHA512

    a4abfcd605b5eb108d61700a610f6fcbf3edd191f521dd6444da11a42f47441d4fe2e5170c5792d95295fdcbd027d3b9260f59d26035a2cd23f16bad0952c771

  • SSDEEP

    768:Y0BgE1Npk7RV/BIRb/84lS/gO7boG3uhA9n9ZhHisGmpw7G:XBV4qRTt/O7ccZhHZGmz

Malware Config

Extracted

  • Language

    ps1

  • Source

    ps1.dropper

  • URLs

    https://chocolatey.org/install.ps1

Targets

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15