General

  • Target

    DiscordToolTrial.exe

  • Size

    11.0MB

  • Sample

    250210-wlxeva1lg1

  • MD5

    37e1d259961aeef3abaceb8abc4ee375

  • SHA1

    760d43e6a1b44e06ab02f87d182ec8bb5e6bb185

  • SHA256

    686724eda1b76e06786349c6b472b749b42f9937bb3b18ebb15e9ce2af04cb0c

  • SHA512

    ae9c3921ebbc0f7cb0928dbbafbdb1b646d3d687c0eeaed6f93dc70505304f98e7483ef7f458215c1534acc762c5983a435d631185f86d01ddb0a8a947025a96

  • SSDEEP

    98304:4WZvITBChCqFsMamaHl3Ne4i3lqoFhTWrf9eQc0MJYzwZNqkz+as5J1n6ksB0rNA:4W9IdqiteNlpYfMQc2s8hn6ksqdhi

Malware Config

Targets

    • Target

      DiscordToolTrial.exe

    • Deletes Windows Defender Definitions

      Uses the mpcmdrun utility to delete all AV definitions.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks