empyrean | 39c4afc796f6730ec8da841d1aec05f2c3e87424952f6e85049a98f66edea31c | Triage

Submit
Reports

Overview

overview

Static

static

DISCORD NU...YY.exe

windows7-x64

7

DISCORD NU...YY.exe

windows10-2004-x64

7

Resubmissions

18-01-2025 20:09

250118-yxfycaspdz 10

18-01-2025 10:10

250118-l7g7ya1mcn 10

30-12-2024 21:29

241230-1bxp3szkaq 10

01-12-2024 13:51

241201-q58dkasqaz 10

Sharing

General

Target

DISCORD NUKER BY KLOWZYY.exe
Size

19.5MB
Sample

241201-q58dkasqaz
MD5

3b74622cb80575e2fd54acce44b7e133
SHA1

9890e867697ae8fd5e35543c3ac257cf03065606
SHA256

39c4afc796f6730ec8da841d1aec05f2c3e87424952f6e85049a98f66edea31c
SHA512

46e8a33ca55d3e10b95054fad61e3ef0ae21c68932e115c45c16d6126d88a9e6cbc8e2701d7f37e11815671427abb863137ce5b3909534c1a04260b2a987bca6
SSDEEP

393216:hqPnLFXlrFrpQQ6DOETgsvfGYgDGAvmkCbaBIIOdWgk:IPLFXNFrpQQrEROTn/Od

Score

10^/10

empyrean discovery pyinstaller spyware stealer upx

Static task

static1

pyinstaller empyrean

4 signatures

Behavioral task

behavioral1

Sample

DISCORD NUKER BY KLOWZYY.exe

Resource

win7-20240708-en

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

DISCORD NUKER BY KLOWZYY.exe

Resource

win10v2004-20241007-en

discovery spyware stealer upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  DISCORD NUKER BY KLOWZYY.exe
- Size
  
  19.5MB
- MD5
  
  3b74622cb80575e2fd54acce44b7e133
- SHA1
  
  9890e867697ae8fd5e35543c3ac257cf03065606
- SHA256
  
  39c4afc796f6730ec8da841d1aec05f2c3e87424952f6e85049a98f66edea31c
- SHA512
  
  46e8a33ca55d3e10b95054fad61e3ef0ae21c68932e115c45c16d6126d88a9e6cbc8e2701d7f37e11815671427abb863137ce5b3909534c1a04260b2a987bca6
- SSDEEP
  
  393216:hqPnLFXlrFrpQQ6DOETgsvfGYgDGAvmkCbaBIIOdWgk:IPLFXNFrpQQrEROTn/Od
Score

7^/10

discovery upx spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

pyinstallerempyrean

behavioral1

behavioral2

discoveryspywarestealerupx

© 2018-2025

Terms | Privacy