General
-
Target
Nuke Tool discord-gg-kasyno.exe
-
Size
42.5MB
-
Sample
241212-sk9f8sznfj
-
MD5
51817b9dcd9c193c3358f6b179d268d1
-
SHA1
48711e49dd33723c12a2ba925d228b99ab297274
-
SHA256
eacbb5f16c8e1315bfa69d3bb0ce318cf246cff642bbde43e6263fd34e0c399b
-
SHA512
6a5b1ac87137fe7ced1c902ee331d2eaf38a6d042b836190abd1a6a9f3826e1141c86ab64557992e7c388278f81f8abd04e60027e790cad8713c374f920f6957
-
SSDEEP
786432:gDEDi+G9pN2TxKFLyPnoVIXkXVGRG7dcuZaqdior4XXpf6q3loaU/fsc+KkeAhev:ggDi+RoFLyPno/AydcucZfb3KnqKUhev
Behavioral task
behavioral1
Sample
Nuke Tool discord-gg-kasyno.exe
Resource
win11-20241007-en
Malware Config
Targets
-
-
Target
Nuke Tool discord-gg-kasyno.exe
-
Size
42.5MB
-
MD5
51817b9dcd9c193c3358f6b179d268d1
-
SHA1
48711e49dd33723c12a2ba925d228b99ab297274
-
SHA256
eacbb5f16c8e1315bfa69d3bb0ce318cf246cff642bbde43e6263fd34e0c399b
-
SHA512
6a5b1ac87137fe7ced1c902ee331d2eaf38a6d042b836190abd1a6a9f3826e1141c86ab64557992e7c388278f81f8abd04e60027e790cad8713c374f920f6957
-
SSDEEP
786432:gDEDi+G9pN2TxKFLyPnoVIXkXVGRG7dcuZaqdior4XXpf6q3loaU/fsc+KkeAhev:ggDi+RoFLyPno/AydcucZfb3KnqKUhev
-
Drops file in Drivers directory
-
A potential corporate email address has been identified in the URL: [email protected]
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Executes dropped EXE
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
Enumerates processes with tasklist
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Obfuscated Files or Information
1Command Obfuscation
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
3Credentials In Files
3