General
-
Target
SIGMA.exe
-
Size
8.4MB
-
Sample
241117-sz14easlbs
-
MD5
30e6d63f20707c4b9b9a3025432e0046
-
SHA1
7b3247927b9c6a48a153f0caaf383fc5f0720d3a
-
SHA256
80214672f15b4f10ed899f566dc70ef28123cb4c1c4d9e2df08c404414571399
-
SHA512
cf1fabf80f19eb9d36e9b8748929fe86f9388249d8db715ef46936e16372dfbbe65492392002c81d7f7e8d9ecdb7a3cfcb18d46dc197fc86111196373c9e15d2
-
SSDEEP
196608:VTuYyXwfI9jUCzi4H1qSiXLGVi7DMgpZASEyQ0VMwICEc/jb:vIHziK1piXLGVE4UrS0VJX
Behavioral task
behavioral1
Sample
SIGMA.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
SIGMA.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
discordrat
-
discord_token
MTMwNzY5MTM0MDAzNjk2NDM4NA.GlNnmM.EmCM5xkHRnU95wVkGidcxtbz7l0Jfhj7Erc0EI
-
server_id
1307689713271836672
Targets
-
Target
SIGMA.exe
-
Discordrat family
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Drops file in Drivers directory
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Executes dropped EXE
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
Enumerates processes with tasklist
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Hide Artifacts: 1
Hidden Files and Directories: 1
Obfuscated Files or Information: 1
Command Obfuscation: 1
Credential Access
Credentials from Password Stores: 1
Credentials from Web Browsers: 1
Unsecured Credentials: 3
Credentials In Files: 3