General

  • Target

    Discord.AIO(1).rar

  • Size

    5.5MB

  • Sample

    241125-fgk81szjew

  • MD5

    3d588221b2c9781893e7b1ab01dc3fca

  • SHA1

    b5b04487b86a3cb53acff6bb28987567460203bf

  • SHA256

    0e4eb858a365905513d5a052b94a350f257a968cbb2c33245e18df8f7e36d9e1

  • SHA512

    a44d7cb00117c82dcbd797c5c3baabafda957174200cc0a914ff6bd80078816133be874dd12b6c11c6cb7312d1590f015b4231714b0cbd411b8e923ef97f18d1

  • SSDEEP

    98304:ln8/RJ25ew2yquO6/6mC1POC/vKfu+QQLUqnsjJcTIRUKKnI6tw0/lO8jraVv2pe:lnGIj2juO6/671POeEuNQQGcJcSK520K

Malware Config

Targets

    • Target

      Discord.AIO(1).exe

    • Size

      6.5MB

    • MD5

      7adc6022bb09db5e263fb294aaab2566

    • SHA1

      77746a413c35573521c14eba036a2da5da68526a

    • SHA256

      54bb1a394197df666003cd83a607b364b373c32df999c51f3c14bb830fc776ee

    • SHA512

      21922589a3dc6fd2ccf4545dceb15249ca8882d946d9a29a90248dec55ed41b719d9d835381e0115a10d58957dbbc7ac3a277c2e1e88f398c672bed8e249a11a

    • SSDEEP

      98304:27w0WYwOYA4vWVU4fgcmnH3EPIL6yFs9u/FpboNe7mZD7JOu9mq2Jo2N/03FIgcG:ts4vkmXas+6cOGR2JFNmWZCZ

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as real-time monitoring, block at first sight, etc.

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Stormkitty family

    • Downloads MZ/PE file

    • A potential corporate email address has been identified in the URL: i|Q@wizSCql

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, etc.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks
