discordrat | b32cfa2c536bfc631f37621471e23d3b05dffa1c94ef1c88e8136fd07c389105 | Triage

Submit
Reports

Overview

overview

Static

static

w.zip

windows10-ltsc 2021-x64

8

Sharing

General

Target

w.zip
Size

443KB
Sample

241203-n23msszkcn
MD5

7abde2d9d772212f690e1657e66e4863
SHA1

ce9629c02dbd6953ff5ab9ebc910409a4ebc488b
SHA256

b32cfa2c536bfc631f37621471e23d3b05dffa1c94ef1c88e8136fd07c389105
SHA512

9f6e4bae303120161c98063a0049504dc09f74690ce81c65c8afbc5dfc3788b4058cac0527cda449707e2a79aeb9db695f27e6269bc23442c3b1455d87d51ffe
SSDEEP

12288:ShJL3yGgLoSdDilX+F2ramKbYgMLj7llsLQn:kUGg8Uil/ramJhNn

Score

10^/10

discordrat defense_evasion discovery persistence spyware stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

w.zip

Resource

win10ltsc2021-20241023-en

defense_evasion discovery persistence spyware stealer

windows10-ltsc 2021-x64

26 signatures

300 seconds

Malware Config

Targets

- Target
  
  w.zip
- Size
  
  443KB
- MD5
  
  7abde2d9d772212f690e1657e66e4863
- SHA1
  
  ce9629c02dbd6953ff5ab9ebc910409a4ebc488b
- SHA256
  
  b32cfa2c536bfc631f37621471e23d3b05dffa1c94ef1c88e8136fd07c389105
- SHA512
  
  9f6e4bae303120161c98063a0049504dc09f74690ce81c65c8afbc5dfc3788b4058cac0527cda449707e2a79aeb9db695f27e6269bc23442c3b1455d87d51ffe
- SSDEEP
  
  12288:ShJL3yGgLoSdDilX+F2ramKbYgMLj7llsLQn:kUGg8Uil/ramJhNn
Score

8^/10

defense_evasion discovery persistence spyware stealer
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoverypersistencespywarestealer

© 2018-2024

Terms | Privacy