General

  • Target

    DiscordBotClient-win-x64.exe

  • Size

    80.5MB

  • Sample

    241115-qzv62sylhq

  • MD5

    7acff4b78a019393e795775c788abd0a

  • SHA1

    eb05978340ac49e3e574f0c4019cc54a30f406c7

  • SHA256

    d3dc7279001865d1d6bc8c4c2e85d93969329618466fc94f03871d36f6356237

  • SHA512

    6c5c2a16329d56c8e79c83963ee5be33d49bf74502155bb0733d4370b829f5e860b5cf687d91c9f64f1cb542c7810b2dd2bb1996608ccf60ad54dfdc93fdcf1e

  • SSDEEP

    1572864:hO/c+P+15kmpcnxpv2lvc1xZEfOUFAGfIGQOhBLlYXNI2hmbtA5:hL19pGklQKfOFGf8O3eXNlhKA5

Targets

    • Target

      DiscordBotClient-win-x64.exe

    Score
    9/10
    • Renames multiple (147) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      Caveat: the dropped files listed below ($PLUGINSDIR/StdUtils.dll, System.dll, WinShell.dll and resources/app/node_modules/...) are the layout of an NSIS installer carrying an Electron application, and an installer writing and renaming its own payload during extraction can trip this count-based heuristic. Treat the 9/10 score as a lead rather than a verdict until the rename events are checked for the two things that actually separate encryption from installation: a single uniform appended extension, and targets in user data directories rather than the installer's own temp or install tree.

    • Executes dropped EXE

    • Loads dropped DLL

      Expected for an NSIS installer, which loads its plugin DLLs from $PLUGINSDIR; on its own this is not an indicator.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system. Installers read the same keys to detect an existing installation, so this is ambiguous without the specific keys queried.

    • Enumerates processes with tasklist

    • Target

      $PLUGINSDIR/SpiderBanner.dll

    • Size

      9KB

    • MD5

      17309e33b596ba3a5693b4d3e85cf8d7

    • SHA1

      7d361836cf53df42021c7f2b148aec9458818c01

    • SHA256

      996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

    • SHA512

      1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

    • SSDEEP

      192:5lkE3uqRI1y7/xcfK4PRef6gQzJyY1rpKlVrw:5lkMBI1y7UKcef6XzJrpKY

    Score
    3/10
    • Target

      $PLUGINSDIR/StdUtils.dll

    • Size

      100KB

    • MD5

      c6a6e03f77c313b267498515488c5740

    • SHA1

      3d49fc2784b9450962ed6b82b46e9c3c957d7c15

    • SHA256

      b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

    • SHA512

      9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

    • SSDEEP

      3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      0d7ad4f45dc6f5aa87f606d0331c6901

    • SHA1

      48df0911f0484cbe2a8cdd5362140b63c41ee457

    • SHA256

      3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

    • SHA512

      c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

    • SSDEEP

      192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6

    Score
    3/10
    • Target

      $PLUGINSDIR/WinShell.dll

    • Size

      3KB

    • MD5

      1cc7c37b7e0c8cd8bf04b6cc283e1e56

    • SHA1

      0b9519763be6625bd5abce175dcc59c96d100d4c

    • SHA256

      9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

    • SHA512

      7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

    Score
    3/10
    • Target

      resources/app/node_modules/lodash/sortedLastIndex.js

    • Size

      679B

    • MD5

      edf7c1dd55d8a3aaf886646ab98fb6b8

    • SHA1

      b886560112d50f2aef5f1acdcc5cd9296ff6f8b7

    • SHA256

      31a10902c20e65ab63869587d18ffa300a3f4f3ddf46051ec6f9df82ffeafa0f

    • SHA512

      4239b55372aa7acda3f58cb6479cba8007c5912221ef768037f22c7fee987e5753301efbed7f2bd5db93557a3be0b3504a2386d9cf0b61832aef117bd376bbce

    Score
    3/10
    • Target

      resources/app/node_modules/lodash/sortedLastIndexBy.js

    • Size

      1KB

    • MD5

      c7f17efdecf80fb5d1877f4ea7fcdbd1

    • SHA1

      4bf9117b8f1d0161a8369f127220b897819cd6a9

    • SHA256

      a4023ca1c6ea8042e34844fdbb823d3748c22a56271cfe08717265293c75b040

    • SHA512

      f816be7e06bc477a9d83ab35265a12710a70dbd29b55976767eafc4f91e5ee35662a91b05ebbd33bfd67b37591c1bb12836c62476a11c0f36e76bfb731338a28

    Score
    3/10
    • Target

      resources/app/node_modules/lodash/sortedLastIndexOf.js

    • Size

      770B

    • MD5

      cb2fde759991938076500485fb599dd8

    • SHA1

      f4a56782a4a913c330d832d80000e0340093e020

    • SHA256

      bf039101776c42209d49dc4d6aa71766f6379b649570cbe1820a8665bbd2697f

    • SHA512

      7a311919ed0557011311c40e8d44187061549225f21405d02ad36d5be444cbcd51ff75c6c479b5e208e4ba81ea8bd87424ebcdc310d7fec6dc74a50d8d91e1ef

    Score
    3/10
    • Target

      resources/app/node_modules/lodash/sortedUniq.js

    • Size

      513B

    • MD5

      568e6f15563d47bb860de848740d62c1

    • SHA1

      612a221cb2088447b6510930f35f7140ecf41d1f

    • SHA256

      7703c411b9007aadde4b059ed06a62c9c0ea8c0ce2727f355a9c50070b4ebd33

    • SHA512

      bfca5ca3ff5a938730fd7d98d937f9e654cf067081c462d4fd47834355d8f47abff24e3b2c21e38917874416eb03c8b1bf3d9ade0631cdf775a95e7cfff90a67

    Score
    3/10
    • Target

      resources/app/node_modules/lodash/sortedUniqBy.js

    • Size

      698B

    • MD5

      4b9f711fa40bfbb43f81de03fb69e74c

    • SHA1

      e9ee6345a66fbef43ac161edd568feb2f197a2ce

    • SHA256

      8d531a82e2bd8150e5e50b7e2237fcef5163fd4ee63919ec3b1aca73b2420d9e

    • SHA512

      403bcd1a2d7fba2c7bfc82456800863cdc5a63a8de56ce87a01adc008d01d70a92838c9108f6a61012b964e101f059ca9e9ba4a5b02cfc11b299b9324a5ea95d

    Score
    3/10
    • Target

      resources/app/node_modules/lodash/split.js

    • Size

      1KB

    • MD5

      b10beee26acbe6ed42dda344257b4526

    • SHA1

      f33b9e68923d6bd511a37658a794104452f1bacd

    • SHA256

      9ddd17c2b6f10fcae28e91b8e8448ec8e5a8d97e3b4c8c005fc6d684060b8926

    • SHA512

      542da236835a7594052c1841520bca15cd8b65f23b3484a052fda23543892792217b25130638b40b9b04975be08dc2f84c935d1789a2ce9aae9316548d510444

    Score
    3/10
    • Target

      resources/app/node_modules/lodash/spread.js

    • Size

      1KB

    • MD5

      ed73b3b29d6f3bb10cc490766bbbc23c

    • SHA1

      b5e45484e55917c836dfc464d1c1dfb5e016a53b

    • SHA256

      73d5b51a697642c4a8a855d06d337473ad15be8f2039287587ccdf760628531d

    • SHA512

      004b60241f6f527747f2f52cb492319da80abe1da96f414ce473efde488a48a621793bc4d032d7457f164f74aad7f3bf5375861a27347a542aaf0747d6401d3c

    Score
    3/10
    • Target

      resources/app/node_modules/lodash/startCase.js

    • Size

      714B

    • MD5

      9f860d4002c8c7942c8005d6169908bf

    • SHA1

      5cae4afa2846579e8173a62ae27253a75fb57119

    • SHA256

      108cd495196f72d90a5fd94044456cf5a2761f0516923bdeb76740d00db42d22

    • SHA512

      1b01984a413823ed538347b12d4bc9498b58f7ae56b78b91ccd85e7062dbbc49bdc77d158ac78847522626358797e576153c6c4c99ee95e925cfcbdb08d91696

    Score
    3/10
    • Target

      resources/app/node_modules/lodash/startsWith.js

    • Size

      1017B

    • MD5

      170c896bc1e289221c42bab9e40ada27

    • SHA1

      10e9857ce37a805453b6e1c5e0caac454d08ba89

    • SHA256

      5d9a4b6bb06a1720fa1e97eb9e59a942e52ec2201da91f0ff24c5a68276face0

    • SHA512

      7ad7648ef2523fd63f5220ff1b1c3a96006c44f29d91e0fabd4315210d76fd7040b43476e1b1d6c4015dcdcb54b625b6c3a03cb41fd2da9a16015fc8e63ccd1f

    Score
    3/10
    • Target

      resources/app/node_modules/lodash/string.js

    • Size

      1KB

    • MD5

      721a07aec6e4f9cf2ba3e4ac90e7eff2

    • SHA1

      9da506e6420a685f56f77ccdcdd4dfe0ffe552b0

    • SHA256

      636bf39182438c55ffff385e677cc705cdef460199b4c509fc9b9acaa56c4925

    • SHA512

      44fc2e4a7ae7fca04c60e398e8af4f8181a30d489ff05329a79f1208de1ec18a852690fa0a4c3571db32c9b12f2c08f05f0b2f5ccc36bcafbc273402a1599ca0

    Score
    3/10
    • Target

      resources/app/node_modules/lodash/stubArray.js

    • Size

      390B

    • MD5

      255f764473d31fae0562de536dbcb7ae

    • SHA1

      bdc0e5ed494f2924ffd64e91620fbcd8161f7223

    • SHA256

      86957766d1bc7426012c406dd17a928f542c6dc761d49abfb166c476e00ba32f

    • SHA512

      1bf1ece6699ecb25b0b80c57a098fa66f3fcdca35b839759e03a77f4f23be6afdc1f04a134f2b664a8b5ce3e4a155be3bdb1b5ae1bc4ff03f22e943027044ee7

    Score
    3/10
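
The 9/10 score on the main target rests on the rename count alone. The following added example (not from the sandbox or the report; all paths and events are constructed, and the directory lists it uses to tell user data from an installer's tree are assumptions for the example) shows the check an analyst would run on the recorded rename events before accepting that heuristic: it counts renames that append an extension in place, then asks whether one suffix dominates and whether the targets are user documents or the installer's own tree. The installer batch deliberately produces the same count and a uniform suffix, so the count-based rule fires for both and only the directory split separates them.

```python
"""
Rename-event triage for the "renames multiple files with added filename
extension" heuristic. Added example, not sandbox code: it takes rename
events of the shape a sandbox records (source path, destination path) and
reports the two facts that separate file encryption from an installer
rearranging its own payload. All sample events below are constructed.
"""
from collections import Counter
from dataclasses import dataclass
import ntpath


@dataclass(frozen=True)
class RenameEvent:
    src: str
    dst: str


# Assumption for this example: files under these directories are the user's
# own data; files under these install/temp trees belong to an installer.
USER_DATA_DIRS = ("\\documents\\", "\\desktop\\", "\\pictures\\", "\\downloads\\")
INSTALLER_DIRS = ("\\appdata\\local\\temp\\", "\\appdata\\local\\programs\\",
                  "\\program files\\", "\\program files (x86)\\")


def added_extension(ev):
    """Suffix appended to the file name by the rename, or None.

    Only a pure append in the same directory counts
    ("report.docx" -> "report.docx.locked"); a rename that changes the base
    name, swaps the extension or moves the file returns None.
    """
    if ntpath.dirname(ev.src).lower() != ntpath.dirname(ev.dst).lower():
        return None
    src = ntpath.basename(ev.src).lower()
    dst = ntpath.basename(ev.dst).lower()
    if dst.startswith(src) and len(dst) > len(src) and dst[len(src)] == ".":
        return dst[len(src):]
    return None


def _classify_dir(path):
    p = path.lower()
    if any(d in p for d in USER_DATA_DIRS):
        return "user_data"
    if any(d in p for d in INSTALLER_DIRS):
        return "installer"
    return "other"


def triage_renames(events, min_hits=20):
    """Score a batch of rename events.

    Returns the raw count the sandbox heuristic reports, plus whether one
    appended extension dominates and what share of the renamed files sit in
    user data directories. "ransomware-like" needs all three: enough hits,
    a uniform extension, and at least half the targets in user data.
    """
    hits = []
    for ev in events:
        ext = added_extension(ev)
        if ext is not None:
            hits.append((ev, ext))
    exts = Counter(ext for _, ext in hits)
    dirs = Counter(_classify_dir(ev.dst) for ev, _ in hits)
    top_ext, top_n = exts.most_common(1)[0] if exts else (None, 0)
    uniform = bool(hits) and top_n >= 0.9 * len(hits)
    user_ratio = dirs["user_data"] / len(hits) if hits else 0.0
    if len(hits) >= min_hits and uniform and user_ratio >= 0.5:
        verdict = "ransomware-like"
    elif hits and dirs["installer"] >= dirs["user_data"]:
        verdict = "installer-like"
    else:
        verdict = "inconclusive"
    return {"renames_with_added_ext": len(hits), "dominant_ext": top_ext,
            "uniform_ext": uniform, "user_data_ratio": round(user_ratio, 2),
            "verdict": verdict}


def constructed_ransomware_events(n=30):
    """Constructed sample: n user documents all given the same new suffix."""
    d = "C:\\Users\\alice\\Documents"
    return [RenameEvent(f"{d}\\report{i}.docx", f"{d}\\report{i}.docx.locked")
            for i in range(n)]


def constructed_installer_events(n=30):
    """Constructed sample: an installer renaming its own payload in place.

    Same count and a uniform suffix, so the count-based heuristic fires
    just as loudly; only the location tells it apart.
    """
    d = ("C:\\Users\\alice\\AppData\\Local\\Programs\\DemoApp"
         "\\resources\\app\\node_modules\\lodash")
    return [RenameEvent(f"{d}\\mod{i}.js", f"{d}\\mod{i}.js.tmp")
            for i in range(n)]


if __name__ == "__main__":
    for label, evs in (("ransomware", constructed_ransomware_events()),
                       ("installer", constructed_installer_events())):
        print(label, triage_renames(evs))
```

Run stand-alone it prints a verdict for each constructed batch; against a real report you would feed it the sandbox's file-rename events and compare the dominant extension and directory mix with the 147 renames the heuristic counted.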

Tasks

static1

Score
3/10

behavioral1

discovery, ransomware
Score
9/10

behavioral2

discovery, ransomware
Score
9/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

discovery
Score
3/10

behavioral6

discovery
Score
3/10

behavioral7

discovery
Score
3/10

behavioral8

discovery
Score
3/10

behavioral9

discovery
Score
3/10

behavioral10

discovery
Score
3/10

behavioral11

execution
Score
3/10

behavioral12

execution
Score
3/10

behavioral13

execution
Score
3/10

behavioral14

execution
Score
3/10

behavioral15

execution
Score
3/10

behavioral16

execution
Score
3/10

behavioral17

execution
Score
3/10

behavioral18

execution
Score
3/10

behavioral19

execution
Score
3/10

behavioral20

execution
Score
3/10

behavioral21

execution
Score
3/10

behavioral22

execution
Score
3/10

behavioral23

execution
Score
3/10

behavioral24

execution
Score
3/10

behavioral25

execution
Score
3/10

behavioral26

execution
Score
3/10

behavioral27

execution
Score
3/10

behavioral28

execution
Score
3/10

behavioral29

execution
Score
3/10

behavioral30

execution
Score
3/10

behavioral31

execution
Score
3/10

behavioral32

execution
Score
3/10