General

  • Target

    DiscordBotClient-win-x64.exe

  • Size

    80.6MB

  • Sample

    241223-3wgwgawjgp

  • MD5

    335c34643ac39ab75c885b0ed3a05af4

  • SHA1

    3e9159a25a8f4f6fbd8c3a8dcd8cf820e37ef838

  • SHA256

    0bd05d1e8e311cd4e49f81c1836cbbeb22d4b191dcdbb39387f859b3e225a65b

  • SHA512

    c8baf5b0ead89c66ab4408b6e897cbaf9a30c61cadf56e0197c1df24e424bb302b3d6b411e26c1c3f4d73806bda5e3e7785174b443f49bd8c99883301e02e118

  • SSDEEP

    1572864:RMVwbM7w/U1vK7z/36KdHl/dp4jh41hPlJNrz/6fjIehib5e4r8r87rJ:Rcw4w/LztdF/2qzPlJkjI8+5xr8g7V
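The identifiers above are the practical handle on this report: the check a practitioner wants is to confirm that a locally held sample is the same bytes the sandbox ran. The following is an added example, not code from the sandbox or the report; it reads the four reported digests in one pass over the file (an 80.6MB binary should not be read four times) and treats SHA-256 as the authoritative match, since MD5 and SHA-1 collisions are practical. The function names and the `REPORTED` table are this example's own.

```python
import hashlib

# Digests published in the report for DiscordBotClient-win-x64.exe.
REPORTED = {
    "md5": "335c34643ac39ab75c885b0ed3a05af4",
    "sha1": "3e9159a25a8f4f6fbd8c3a8dcd8cf820e37ef838",
    "sha256": "0bd05d1e8e311cd4e49f81c1836cbbeb22d4b191dcdbb39387f859b3e225a65b",
    "sha512": "c8baf5b0ead89c66ab4408b6e897cbaf9a30c61cadf56e0197c1df24e424bb302b3d6b411e26c1c3f4d73806bda5e3e7785174b443f49bd8c99883301e02e118",
}

ALGOS = ("md5", "sha1", "sha256", "sha512")


def digest_stream(chunks, algos=ALGOS):
    """Feed every chunk to all hashers so the input is read exactly once."""
    hashers = {a: hashlib.new(a) for a in algos}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {a: h.hexdigest() for a, h in hashers.items()}


def digest_file(path, chunk_size=1 << 20):
    """Hash a file on disk in 1 MiB chunks; returns {algo: hexdigest}."""
    with open(path, "rb") as f:
        return digest_stream(iter(lambda: f.read(chunk_size), b""))


def compare(actual, reported):
    """Per-algorithm match table for every digest both sides carry."""
    return {a: actual[a].lower() == reported[a].lower()
            for a in reported if a in actual}


def matches_report(actual, reported):
    """True only when SHA-256 matches and no other reported digest disagrees.

    A SHA-256 match with an MD5 or SHA-1 mismatch almost certainly means a
    transcription error in the report rather than a different file, but it is
    still worth surfacing instead of silently accepting.
    """
    result = compare(actual, reported)
    return bool(result.get("sha256", False)) and all(result.values())


if __name__ == "__main__":
    import sys
    digests = digest_file(sys.argv[1])
    for algo, ok in compare(digests, REPORTED).items():
        print(f"{algo:7} {'match' if ok else 'MISMATCH'} {digests[algo]}")
    print("same sample as report:", matches_report(digests, REPORTED))
```

Run it as `python verify.py DiscordBotClient-win-x64.exe`; a mismatch on every line means a different file (or a repacked one), a mismatch only on the weaker digests points at the report, not the sample.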

Malware Config

Targets

    • Target

      DiscordBotClient-win-x64.exe

    • Size

      80.6MB

    • MD5

      335c34643ac39ab75c885b0ed3a05af4

    • SHA1

      3e9159a25a8f4f6fbd8c3a8dcd8cf820e37ef838

    • SHA256

      0bd05d1e8e311cd4e49f81c1836cbbeb22d4b191dcdbb39387f859b3e225a65b

    • SHA512

      c8baf5b0ead89c66ab4408b6e897cbaf9a30c61cadf56e0197c1df24e424bb302b3d6b411e26c1c3f4d73806bda5e3e7785174b443f49bd8c99883301e02e118

    • SSDEEP

      1572864:RMVwbM7w/U1vK7z/36KdHl/dp4jh41hPlJNrz/6fjIehib5e4r8r87rJ:Rcw4w/LztdF/2qzPlJkjI8+5xr8g7V

    Score
    9/10
    • Renames multiple (110) files with added filename extension

      A process that renames many files and appends a new extension to each is the pattern ransomware leaves when it encrypts files in place, which is why this signature carries most of the score. Installers and unpackers that rename files inside their own install directory can trigger the same heuristic, so confirm by checking which directories were touched before treating it as encryption.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, its Wow6432Node and HKCU counterparts) to enumerate the software installed on the system.

    • Enumerates processes with tasklist

    • Target

      $PLUGINSDIR/SpiderBanner.dll

    • Size

      9KB

    • MD5

      17309e33b596ba3a5693b4d3e85cf8d7

    • SHA1

      7d361836cf53df42021c7f2b148aec9458818c01

    • SHA256

      996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

    • SHA512

      1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

    • SSDEEP

      192:5lkE3uqRI1y7/xcfK4PRef6gQzJyY1rpKlVrw:5lkMBI1y7UKcef6XzJrpKY

    Score
    3/10
    • Target

      $PLUGINSDIR/StdUtils.dll

    • Size

      100KB

    • MD5

      c6a6e03f77c313b267498515488c5740

    • SHA1

      3d49fc2784b9450962ed6b82b46e9c3c957d7c15

    • SHA256

      b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

    • SHA512

      9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

    • SSDEEP

      3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      0d7ad4f45dc6f5aa87f606d0331c6901

    • SHA1

      48df0911f0484cbe2a8cdd5362140b63c41ee457

    • SHA256

      3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

    • SHA512

      c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

    • SSDEEP

      192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6

    Score
    3/10
    • Target

      $PLUGINSDIR/WinShell.dll

    • Size

      3KB

    • MD5

      1cc7c37b7e0c8cd8bf04b6cc283e1e56

    • SHA1

      0b9519763be6625bd5abce175dcc59c96d100d4c

    • SHA256

      9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

    • SHA512

      7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

    Score
    3/10
    • Target

      DiscordBotClient.exe

    • Size

      177.7MB

    • MD5

      de672272ecc20a5297d211f610bf89e9

    • SHA1

      fd3ca25eb4703a3ccd48f7fa7dd6bbb3cd8863f5

    • SHA256

      bdd2814e70c075ce41661cc6728bec2555fb2291269d32d5973e932231d25f17

    • SHA512

      35e3c0dfa9351943574ca4d1177fd5f4f00f7aba79e9826191a072e8e65d55a16b06e2684e11a58e92c244ec0833c8e833eb832d2987bd10dc44760c4a51f1b4

    • SSDEEP

      1572864:6exUbXH3qGPA3X2n04n0PgcCu5P3ds7Ical6BEu4ORlKIpDUs0u2hWozR9HLBwNf:ApjRCMx9

    Score
    7/10
    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check that decides whether to run based on the system's region.

    • Legitimate hosting services abused for malware hosting/C2

    • Target

      LICENSES.chromium.html

    • Size

      9.0MB

    • MD5

      c5de877a372447fdd303c1026fb432f2

    • SHA1

      6fc0a751edacbe061e97248fa550691225891030

    • SHA256

      4bf4dd1a05ecba975c90d85117dea74b0e94114f882bb26a7e7d1029afe8fda8

    • SHA512

      b3079b18419ca854118e12e8d4681c9e66ae55fbb1f69cfb3ef6322a1c17557c0adbfab5ced030133af814d39483a2b5c7090ca3abb545e8808ffb6abe6b3ae6

    • SSDEEP

      24576:G8QQf6Ox6j1newR6Xe1VmfQ6k6T6W6r656+eGj7dOp+:fGyeGd

    Score
    3/10
    • Target

      d3dcompiler_47.dll

    • Size

      4.7MB

    • MD5

      a7b7470c347f84365ffe1b2072b4f95c

    • SHA1

      57a96f6fb326ba65b7f7016242132b3f9464c7a3

    • SHA256

      af7b99be1b8770c0e4d18e43b04e81d11bdeb667fa6b07ade7a88f4c5676bf9a

    • SHA512

      83391a219631f750499fd9642d59ec80fb377c378997b302d10762e83325551bb97c1086b181fff0521b1ca933e518eab71a44a3578a23691f215ebb1dce463d

    • SSDEEP

      49152:hCZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvdiD0N+YEzI4og/RfzHLeHTRhFRN1:oG2QCwmHjnog/pzHAo/Ayc

    Score
    1/10
    • Target

      ffmpeg.dll

    • Size

      2.8MB

    • MD5

      af6e7c9a3b89e318a6d30f5e6b0b264d

    • SHA1

      e5b9af5ab5e916c352c6f6c5675f60d1962fc490

    • SHA256

      04d0c51e432e72bebf00afc42789567d76095973f6031723f81b97a6aac933e5

    • SHA512

      cdeac1be5183d737aa60126404ff8739b072e98cc63c603f026dafb2ffe9a5786718cbeba19f5bf1947dbb1f7615196017cf8f321029abcfeb480d186b6715fb

    • SSDEEP

      49152:zkzMF+in6Rjp84IEeOUmlyNTzk74y0V+X6CfTBPwN/4MT+fcP:zkXpCOUyy5Z96Q/Wk

    Score
    1/10
    • Target

      libEGL.dll

    • Size

      473KB

    • MD5

      fc6eaf6a41f3c5009cb59bf7c31f4e71

    • SHA1

      1637a7de0a79095a29de0c20f73d9bdd21383447

    • SHA256

      35fc03a6fc2f308428801b0179780ae25373a09640225bfa6611b442eaa44783

    • SHA512

      62b53cebc20f8d55765face7b30d205b450b20a0467d6a6d6ae7a1e6f3cdc220f268d177a14572631304e5314c83b69753605688da6be912412c3f101483012e

    • SSDEEP

      6144:QeoMqSwktU6O8J6AGrIKLD0Rv8KRWAwi+u7fSGSXtZu:mMeAQ8JFGrIKLDW9W2+u7fSGS+

    Score
    1/10
    • Target

      libGLESv2.dll

    • Size

      8.0MB

    • MD5

      089b0680bef6f1e8a070be3627c26261

    • SHA1

      d74cee5db729cbfb1b9d2ce4b86e0d2eb2d9501c

    • SHA256

      171d72ce6518a10eb38e5403e81d2cabccc2c88f8ee4b507d18fb3cdc3668a8f

    • SHA512

      cfbfc14ee59d89f0ba171f5ec0588c843a98ff4c6cd981fca3513895bf7cefafe5c8fbec0aab0c9f7a5b157152fc740a02669d8f892cbf00d9b5521607f5c161

    • SSDEEP

      98304:+sbPUQUHoQ5dKV0H4HrX7OBAK2dMNFR7VxVXC3OTC+:+sbP/UHoQ5AV++wAlMlVXmO3

    Score
    1/10
    • Target

      resources/app/AppAssets/ApplicationFlags.js

    • Size

      2KB

    • MD5

      eec426654520914ac29fd910188d9aa1

    • SHA1

      3ab11679c50e356619d9d904c218104d9675f1f5

    • SHA256

      21f692e827529c26a6146543a86959622b48daa93dd05377ad4ea1cbdbeb5058

    • SHA512

      fc465128aeab3f750570dd1ad68447ff987c0744a5f247e31dc9ee9508a1b433aa81a599f7a11f7b59d11b1b461eba483c5164c0c0c5b54c0fcb19d54ca9be5d

    Score
    3/10
    • Target

      resources/app/AppAssets/Bitfield.js

    • Size

      4KB

    • MD5

      0e4f446393e985553f777ab9341e30f6

    • SHA1

      20062783b81010a82a3e21ff90a5de94546ff72f

    • SHA256

      094d6a93221c6f0be88328a1e8be06ddc8c9843075bea223496d265f566d38a9

    • SHA512

      4699ade4a37cb22f1c2c78d1466de9e3a16907c1dbd41af78271f7737e0468aa87bd3e50098dc9457c057fd63e826c893ed61235cea5eb7f00969958ebb5c687

    • SSDEEP

      96:yOQoBDbtHM5glSqsJ7+PYjcJ2mqwWdfezCrj2FTV9ll8DCS4r0rpgPH:DQoVbaaljnPYjXw+VrqcDCvrFH

    Score
    3/10
    • Target

      resources/app/AppAssets/Constants.js

    • Size

      3KB

    • MD5

      139479730af2d401766e374bf158fa28

    • SHA1

      58120af8646b7df1d53df5f4639feb5cf0a15e75

    • SHA256

      1d0341c6aea851150c7f46e553f71c7a9b5a9867731f22895ad814eac5d3d07a

    • SHA512

      8828b0085aa22b8821ac1b26bb1ce7ce0607d040011d059b2d9139ed7ec82842d64f241563b2ae49e344139ab80ae94d338c28dfa3d0100c15f50d85ee8c1561

    Score
    3/10
    • Target

      resources/app/AppAssets/DiscordShop.js

    • Size

      468KB

    • MD5

      93eb0e41544a481a8b3585193cf26aa4

    • SHA1

      30861250b780e63ed7a443529d537100e385fed1

    • SHA256

      c001d4055403c15ced7c4f5a2f7746dec262de3e22c90762b50c073e9556db4f

    • SHA512

      5b69a0e69c8ffefa3f7f03082b17d9304a1c05e894627dcaeedbe0b54e24d6e5cf7e1cbf8351581b79864112ccf47dcfe4159ef076decf18633046ee5d8731cb

    • SSDEEP

      3072:y7n2yEhOyibs4H7rc89ui/kk9r2Xx/uVExh4LAyY:y7nfj7rc89uil9r2Xx/uVExh4LAyY

    Score
    3/10
    • Target

      resources/app/AppAssets/DiscoveryGuilds.js

    • Size

      244KB

    • MD5

      f059d144071f9e6d5eab9f776f149e4f

    • SHA1

      0ecbcf1ef1a0f72135a07f66b65563f7b05c7d7f

    • SHA256

      0a31e86e52e830c6eeffdb30adfd4fc2b76226f4a6ea2eb9a073a0aca7e9d044

    • SHA512

      e325be1a5eca92d4f72ca48dec715789eebc249ca13612afdcb8f826db6879d9874a3c6200f16cb2a9b09b5d4813d672baf595831dde5c1c1239e93c27f41995

    • SSDEEP

      1536:kpRAf3uG/txqa6drwBn9jFFMHDCyuMLmbEn0Hw6Tez5pRAfbXuG/jxS:rfftJgwBnNQHDCyuMs1HwBKfb/jg

    Score
    3/10
    • Target

      resources/app/AppAssets/Experiments.js

    • Size

      10KB

    • MD5

      4fc633f25972b7743a1ac96fa3b9998f

    • SHA1

      fa2c8313e27ad7131b315b7dbe9b35888fde17d6

    • SHA256

      09bd68457af92243062853f4ba28a1d6c017701389c8f3d7364d86eaba661299

    • SHA512

      d4fb28ce045b0cd815784f5b1f0296844d251386811c7bf3c95bbdef95ca7b12517ee31901bfcb02b920a55d569b7ef4bff2f5ce9c5fd40055b3aa9c045472da

    • SSDEEP

      192:D24e42wsYUurnn+Y20HKx7GtR4OKQR82M2myrsLHWpQg+BvbSACpO:D2TJ6nnRKx7GTr82gHDBhZSO

    Score
    3/10
    • Target

      resources/app/AppAssets/NitroData.js

    • Size

      21KB

    • MD5

      23bb7bf2ff7bd7c12e4d35a74d151849

    • SHA1

      1d1a669aa4b0678580a8976efbcadf497f4cbdc0

    • SHA256

      d012238f3079d967d7731e7d6716da994ba0c27e57b91621ef85c5a14a76aad4

    • SHA512

      1a11b746da73f5b66fd48b4329ad14e86b9f35746e7837e91354bacd79b6f97314094b220ddaf64c9dbdc47ad7854a1824bcc50b498bf2e31ea799ce58b0f16f

    • SSDEEP

      384:DqV0WsV0WBAzddAzdEx2Azd4zV0W/zV0WT2AzdczV0WMzV0WWAznAz2/zV0WNzVJ:R

    Score
    3/10
    • Target

      resources/app/AppAssets/SettingProto.js

    • Size

      3KB

    • MD5

      af22b12d1b4ff635704da9245f084a13

    • SHA1

      6891ac244b78a49ffb3ec1d76d44cea66f2dc546

    • SHA256

      4af85c45924218605b5a7a779c2ab936261c700a697e71e11191b499d1a0082c

    • SHA512

      bf169be77c901b4dafda4b54b3491e4678abe5e6381748aa66e6059afbec3a804a0f58864f21c3f1e491c68c13d30b5954d7ca2e8026674f2815b6463a46822f

    Score
    3/10
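The three behavioural signatures on the first target (the 110 renames with an added extension, the Uninstall key lookup and the tasklist spawn) are each a simple rule over endpoint telemetry. The block below is an added example, not the sandbox's detection code, that applies those rules to constructed events and adds the triage step the rename signature needs: renames confined to one directory are what an installer or unpacker looks like, renames spread across several user directories are what in-place encryption looks like. The `Event` schema, the process IDs and paths, and the threshold of 100 are all assumptions made for this example.

```python
import ntpath
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Event:
    """One telemetry record. The field layout is an assumption for this example."""
    pid: int
    image: str
    op: str          # "rename" | "proc_create" | "reg_query"
    src: str = ""    # rename: old path; proc_create: command line; reg_query: key path
    dst: str = ""    # rename: new path


# The sandbox fired at 110 renames; 100 is an assumed threshold for this example.
RANSOM_RENAME_THRESHOLD = 100
UNINSTALL_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"


def appended_extension(old: str, new: str) -> bool:
    """True when `new` is `old` with exactly one extra extension appended, in the
    same directory (report.docx -> report.docx.locked). A plain extension change
    (notes.txt -> notes.docx) is an ordinary save-as and does not count."""
    if ntpath.dirname(old).lower() != ntpath.dirname(new).lower():
        return False
    prefix = old.lower() + "."
    lowered = new.lower()
    rest = lowered[len(prefix):]
    return lowered.startswith(prefix) and rest != "" and "." not in rest


def assess(events):
    """Group events per process and apply the report's three signatures."""
    renames = defaultdict(list)
    discovery = defaultdict(set)
    for ev in events:
        if ev.op == "rename" and appended_extension(ev.src, ev.dst):
            renames[ev.pid].append(ev.dst)
        elif ev.op == "proc_create":
            # Naive split: a real parser must handle quoted paths with spaces.
            parts = ev.src.split()
            if parts and ntpath.basename(parts[0]).lower() == "tasklist.exe":
                discovery[ev.pid].add("tasklist")
        elif ev.op == "reg_query" and UNINSTALL_KEY.lower() in ev.src.lower():
            discovery[ev.pid].add("uninstall_key")

    findings = {}
    for pid in set(renames) | set(discovery):
        paths = renames.get(pid, [])
        dirs = {ntpath.dirname(p).lower() for p in paths}
        if len(paths) < RANSOM_RENAME_THRESHOLD:
            verdict = "below-threshold"
        elif len(dirs) == 1:
            # Bulk renames confined to one directory: installer/unpacker shape,
            # needs triage but is not by itself evidence of encryption.
            verdict = "bulk-rename-single-dir"
        else:
            # Renames spread over several user directories: the in-place
            # encryption pattern the signature is meant to catch.
            verdict = "ransomware-like"
        findings[pid] = {"renames": len(paths), "dirs": len(dirs),
                         "verdict": verdict,
                         "discovery": sorted(discovery.get(pid, ()))}
    return findings


def constructed_events():
    """Constructed sample telemetry, not taken from the sandbox run."""
    evs = []
    # pid 4242: a setup program renames 110 files inside one directory, then
    # enumerates installed software and running processes.
    for i in range(110):
        old = rf"C:\Program Files\SomeApp\resources\file{i}.js"
        evs.append(Event(4242, "setup.exe", "rename", old, old + ".bak"))
    evs.append(Event(4242, "setup.exe", "proc_create",
                     r"C:\Windows\System32\tasklist.exe /fo csv"))
    evs.append(Event(4242, "setup.exe", "reg_query",
                     r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SomeApp"))
    # pid 5151: 120 documents across three profile directories get ".locked" appended.
    user_dirs = [r"C:\Users\alice\Documents", r"C:\Users\alice\Pictures",
                 r"C:\Users\alice\Desktop"]
    for i in range(120):
        old = rf"{user_dirs[i % 3]}\doc{i}.docx"
        evs.append(Event(5151, "payload.exe", "rename", old, old + ".locked"))
    # pid 6060: an ordinary extension change, which must not count toward the threshold.
    evs.append(Event(6060, "word.exe", "rename",
                     r"C:\Users\alice\Documents\notes.txt",
                     r"C:\Users\alice\Documents\notes.docx"))
    return evs


if __name__ == "__main__":
    for pid, finding in sorted(assess(constructed_events()).items()):
        print(pid, finding)
```

On the constructed input the installer-shaped process comes out as `bulk-rename-single-dir` with both discovery tags, the profile-wide renamer as `ransomware-like`, and the save-as is not reported at all; the directory-spread check is what separates the first two, which the raw rename count alone cannot do.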

MITRE ATT&CK Enterprise v15

Tasks

static1

mirai
Score
10/10

behavioral1

discovery ransomware
Score
9/10

behavioral2

discovery ransomware
Score
9/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

discovery
Score
3/10

behavioral6

discovery
Score
3/10

behavioral7

discovery
Score
3/10

behavioral8

discovery
Score
3/10

behavioral9

discovery
Score
3/10

behavioral10

discovery
Score
3/10

behavioral11

Score
7/10

behavioral12

discovery
Score
3/10

behavioral13

discovery
Score
3/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

execution
Score
3/10

behavioral19

execution
Score
3/10

behavioral20

execution
Score
3/10

behavioral21

execution
Score
3/10

behavioral22

execution
Score
3/10

behavioral23

execution
Score
3/10

behavioral24

execution
Score
3/10

behavioral25

execution
Score
3/10

behavioral26

execution
Score
3/10

behavioral27

execution
Score
3/10

behavioral28

execution
Score
3/10

behavioral29

execution
Score
3/10

behavioral30

execution
Score
3/10

behavioral31

execution
Score
3/10

behavioral32

execution
Score
3/10