mirai | 88f10843fd4b876ea4a261e9d8e5019c3e1fb3a4640b9d13f2d258ed7a3921c2 | Triage

Sharing

General

Target

DiscordBotClient-win-x64.exe
Size

102.5MB
Sample

241228-qsva6syndj
MD5

54a2d11530ff526f77fe0877462d2eeb
SHA1

3cce33f09a72e509dbf871f21a330947d4711993
SHA256

88f10843fd4b876ea4a261e9d8e5019c3e1fb3a4640b9d13f2d258ed7a3921c2
SHA512

2256fa4bd8315734507562091e3a433f9d2888b81a529a0892a0c0899fae92874a18e1269e7004419b3dab4a7f4da196010cb6f398f78a12a6a12f89aac4fcb0
SSDEEP

3145728:YVw4blb52h3yslb52h3ywhgDOZB931nMhAnIr8g6S:ywYt52hJt52hBZB93lcAn5S

Score

10^/10

mirai discovery execution

Malware Config

Targets

- Target
  
  DiscordBotClient-win-x64.exe
- Size
  
  102.5MB
- MD5
  
  54a2d11530ff526f77fe0877462d2eeb
- SHA1
  
  3cce33f09a72e509dbf871f21a330947d4711993
- SHA256
  
  88f10843fd4b876ea4a261e9d8e5019c3e1fb3a4640b9d13f2d258ed7a3921c2
- SHA512
  
  2256fa4bd8315734507562091e3a433f9d2888b81a529a0892a0c0899fae92874a18e1269e7004419b3dab4a7f4da196010cb6f398f78a12a6a12f89aac4fcb0
- SSDEEP
  
  3145728:YVw4blb52h3yslb52h3ywhgDOZB931nMhAnIr8g6S:ywYt52hJt52hBZB93lcAn5S
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/SpiderBanner.dll
- Size
  
  9KB
- MD5
  
  17309e33b596ba3a5693b4d3e85cf8d7
- SHA1
  
  7d361836cf53df42021c7f2b148aec9458818c01
- SHA256
  
  996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93
- SHA512
  
  1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298
- SSDEEP
  
  192:5lkE3uqRI1y7/xcfK4PRef6gQzJyY1rpKlVrw:5lkMBI1y7UKcef6XzJrpKY
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  100KB
- MD5
  
  c6a6e03f77c313b267498515488c5740
- SHA1
  
  3d49fc2784b9450962ed6b82b46e9c3c957d7c15
- SHA256
  
  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
- SHA512
  
  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
- SSDEEP
  
  3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/WinShell.dll
- Size
  
  3KB
- MD5
  
  1cc7c37b7e0c8cd8bf04b6cc283e1e56
- SHA1
  
  0b9519763be6625bd5abce175dcc59c96d100d4c
- SHA256
  
  9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
- SHA512
  
  7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/app-64.7z
- Size
  
  102.0MB
- MD5
  
  f4475f217cb2752cfd0deb2fccaed708
- SHA1
  
  4aae9f7fabff60eacd4b7fcd9468323015755f3d
- SHA256
  
  6c4e6fbcd867da356f8510300c8b9a093b63202c90ad3239a25f3424ea76d567
- SHA512
  
  c019c6b3d4bd0751d8dbd9e2b19e479eb10d2548baed4957b21256a01a87896588408538da560d6933ad29ffef2700732723dda794f869e3f8a832e10679a819
- SSDEEP
  
  3145728:aw4blb52h3yslb52h3ywhgDOZB931nMhAnIr8g6/:awYt52hJt52hBZB93lcAn5/
Score

1^/10
behavioral11 behavioral12
- Target
  
  resources/app/AppAssets/ApplicationFlags.js
- Size
  
  2KB
- MD5
  
  eec426654520914ac29fd910188d9aa1
- SHA1
  
  3ab11679c50e356619d9d904c218104d9675f1f5
- SHA256
  
  21f692e827529c26a6146543a86959622b48daa93dd05377ad4ea1cbdbeb5058
- SHA512
  
  fc465128aeab3f750570dd1ad68447ff987c0744a5f247e31dc9ee9508a1b433aa81a599f7a11f7b59d11b1b461eba483c5164c0c0c5b54c0fcb19d54ca9be5d
Score

3^/10

execution
behavioral13 behavioral14
- Target
  
  resources/app/AppAssets/Bitfield.js
- Size
  
  4KB
- MD5
  
  0e4f446393e985553f777ab9341e30f6
- SHA1
  
  20062783b81010a82a3e21ff90a5de94546ff72f
- SHA256
  
  094d6a93221c6f0be88328a1e8be06ddc8c9843075bea223496d265f566d38a9
- SHA512
  
  4699ade4a37cb22f1c2c78d1466de9e3a16907c1dbd41af78271f7737e0468aa87bd3e50098dc9457c057fd63e826c893ed61235cea5eb7f00969958ebb5c687
- SSDEEP
  
  96:yOQoBDbtHM5glSqsJ7+PYjcJ2mqwWdfezCrj2FTV9ll8DCS4r0rpgPH:DQoVbaaljnPYjXw+VrqcDCvrFH
Score

3^/10

execution
behavioral15 behavioral16
- Target
  
  resources/app/AppAssets/DiscordShop.js
- Size
  
  749KB
- MD5
  
  a0ad871cae72db85d57000b0b2a60461
- SHA1
  
  53bea352e673f6482eb5382b2bced28f024cd23e
- SHA256
  
  7e82c0221f8dcbc2c597243cfe753fac2c87ffaab414f7d9607deeca37b1ee46
- SHA512
  
  34cb950e106b496632eced63d37c0348f85007b8bd6cc409735fbdd60be3fdffbebc28e8c3f60deb23103c7038ee5bf25947968caa5bc17f0a7a6f956cf2e5fb
- SSDEEP
  
  3072:9s7n2ythjbc9HMrcn9ui/kk9r2Xx/uVExq40MbV:9s7nfIMrcn9uil9r2Xx/uVExq40MbV
Score

3^/10

execution
behavioral17 behavioral18
- Target
  
  resources/app/AppAssets/DiscoveryGuilds.js
- Size
  
  199KB
- MD5
  
  693868ede4614c488ce62385e9ba25be
- SHA1
  
  cda5757c014177f4244ec57c0fabeb8926ea29ca
- SHA256
  
  df6e5f3156ed26955dc2d5b5fbffa68c616a7b9fd6832ec61c4d6c5065f07956
- SHA512
  
  471a4cb723a9d2375c6f53e64f5923853388b1e9d63f9f68d1b62fcd1d8d1537f6c3f0a80d6b33e62823b02d993f9ae2f57b0ca2db35d0a5405f95425225a47e
- SSDEEP
  
  1536:SfDMNO3z+OhuLPdPo9Y35QWdbL8WeHoPNGNOAFJ13:0ThodwSrbIrV3
Score

3^/10

execution
behavioral19 behavioral20
- Target
  
  resources/app/AppAssets/Experiments.js
- Size
  
  23KB
- MD5
  
  cb41d7175b448b8ff4c67a1ded152c90
- SHA1
  
  f2953655ffeb3beae6480acf6faa0f7173f32d1d
- SHA256
  
  2c20a0c63d4d370e3f634cd6c273e160ef17e2a8cdd6cdf08d116bcc2ccad7e1
- SHA512
  
  5828fe7bf1feffeaa4a3e15370c5c7f42b1964b165d8587b2eb20a66a18c1ce0186409060c8efe6af761d9e573aeff6f4f937ef647ae054e1b3cdbcf60d2bda6
- SSDEEP
  
  192:ixCjYEBMxjhwRpg4JPMxNc5cR6NEA7qiJsNg:xjTBMx1ie4Sc5cR6NEA7qNNg
Score

3^/10

execution
behavioral21 behavioral22
- Target
  
  resources/app/AppAssets/Intents.js
- Size
  
  2KB
- MD5
  
  7803b137b33ba6a58d8e7ce2987f574e
- SHA1
  
  296e63a937701a01461b270f69371799f67dd711
- SHA256
  
  75c69ed27d24b2f3417ff02f851ba66e1ee5462be366706a686a4de10c69bc95
- SHA512
  
  c45fee222be883ee38c0d960119f310772b1133ee8d923e56d0088e185518bdc6c71509f3639980014a76476c829e0e2c56844125eeef39287de88993bd062fa
Score

3^/10

execution
behavioral23 behavioral24
- Target
  
  resources/app/AppAssets/NitroData.js
- Size
  
  21KB
- MD5
  
  23bb7bf2ff7bd7c12e4d35a74d151849
- SHA1
  
  1d1a669aa4b0678580a8976efbcadf497f4cbdc0
- SHA256
  
  d012238f3079d967d7731e7d6716da994ba0c27e57b91621ef85c5a14a76aad4
- SHA512
  
  1a11b746da73f5b66fd48b4329ad14e86b9f35746e7837e91354bacd79b6f97314094b220ddaf64c9dbdc47ad7854a1824bcc50b498bf2e31ea799ce58b0f16f
- SSDEEP
  
  384:DqV0WsV0WBAzddAzdEx2Azd4zV0W/zV0WT2AzdczV0WMzV0WWAznAz2/zV0WNzVJ:R
Score

3^/10

execution
behavioral25 behavioral26
- Target
  
  resources/app/AppAssets/SettingProto.js
- Size
  
  3KB
- MD5
  
  13e22575a3f50305a195ee99b998fabf
- SHA1
  
  626412b39980797c20d3cf3cb21aafa309330263
- SHA256
  
  886cec91083157b6bb696533b2651b5df1d5ce577a2992e1f748240ad18fad2c
- SHA512
  
  b064be587599db0175da30cda914dd796955d0da5b0f8473c158d1bfd21748495cc1a8a84d49bf2c7f5a3b7ed694512cbca98ddfe611717501ef777ea0a4d9d2
Score

3^/10

execution
behavioral27 behavioral28
- Target
  
  resources/app/AppAssets/SnowflakeUtil.js
- Size
  
  3KB
- MD5
  
  398f94b779e39e62916b9bdbde8bdf77
- SHA1
  
  5a0ee4c9a6d372cf4526c45c1329ecd2e73db02e
- SHA256
  
  4315f5e89ec335a7b8ceeccd351dafdbab15577f5d3b59d21598fe55faa41c07
- SHA512
  
  8db4ce0967579782be5821d818da303c1aba4c247043333041e05517f660baeba0dfed62ab3ee23e20ccb4be769686436abd5d01cf4d25bdc1acca5d71894a85
Score

3^/10

execution
behavioral29 behavioral30
- Target
  
  resources/app/AppAssets/SystemMessages.js
- Size
  
  3KB
- MD5
  
  557f0b99b4ce6f4ec2a81d064585cbf4
- SHA1
  
  771a02a167e4ffa4965c82c6b39e64c27095718c
- SHA256
  
  feb979bddd60b8dbd93f745da7f7d483f5af96bc305df517cd5188cf10fdfaaa
- SHA512
  
  6b980f6690965fc5cc33dca6f295acf923cc5697c9e64539d80b857d0d88ac5755ab270943f7b404e269ed923a54d45549fed2619226590f59bb8db86f3066f4
Score

3^/10

execution
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32