empyrean | ad56b6ade9a69b0218e2158a23829513e96cbf21397615869bdba814d6d62283 | Triage

Submit
Reports

Overview

overview

Static

static

DISCORD NU...YY.exe

windows7-x64

7

DISCORD NU...YY.exe

windows10-2004-x64

7

Sharing

General

Target

DISCORD NUKER BY KLOWZYY.rar
Size

19.3MB
Sample

241118-sszxrsyqct
MD5

da495b4ac9a3c2c9d2fd0dc40ef20b18
SHA1

4fabe049853833cc6d88462cf5444994c2397201
SHA256

ad56b6ade9a69b0218e2158a23829513e96cbf21397615869bdba814d6d62283
SHA512

521cc778448736544b83747ca449a468668d5fa9735198ae47ea0fe9fb91fe2503a2949059ef58437a07873db39752839146b3a676a7d45218014535bc98af9f
SSDEEP

393216:c/I174WG88MmsfUA2P9UmljkIuTgHJUgMt3Xy4opJHw2O4vgc:c/lXML32mTgHJFM9ydZMUP

Score

10^/10

empyrean discovery pyinstaller spyware stealer upx

Static task

static1

pyinstaller empyrean

4 signatures

Behavioral task

behavioral1

Sample

DISCORD NUKER BY KLOWZYY/DISCORD NUKER BY KLOWZYY.exe

Resource

win7-20240903-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

DISCORD NUKER BY KLOWZYY/DISCORD NUKER BY KLOWZYY.exe

Resource

win10v2004-20241007-en

discovery spyware stealer upx

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  DISCORD NUKER BY KLOWZYY/DISCORD NUKER BY KLOWZYY.exe
- Size
  
  19.5MB
- MD5
  
  3b74622cb80575e2fd54acce44b7e133
- SHA1
  
  9890e867697ae8fd5e35543c3ac257cf03065606
- SHA256
  
  39c4afc796f6730ec8da841d1aec05f2c3e87424952f6e85049a98f66edea31c
- SHA512
  
  46e8a33ca55d3e10b95054fad61e3ef0ae21c68932e115c45c16d6126d88a9e6cbc8e2701d7f37e11815671427abb863137ce5b3909534c1a04260b2a987bca6
- SSDEEP
  
  393216:hqPnLFXlrFrpQQ6DOETgsvfGYgDGAvmkCbaBIIOdWgk:IPLFXNFrpQQrEROTn/Od
Score

7^/10

upx discovery spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

pyinstallerempyrean

behavioral1

behavioral2

discoveryspywarestealerupx

© 2018-2024

Terms | Privacy