mirai | 70330c357e3752604f59bfd661478bd6d8d114dde53e48b1ad13396adfec346b | Triage

Sharing

General

Target

DiscordBotClient-win-x64.exe
Size

102.5MB
Sample

250308-t835ssztgt
MD5

0c997dda07377f03ea18ae945cf5f386
SHA1

afca4d4d992a3086ac470321cb9277cd272e7ab3
SHA256

70330c357e3752604f59bfd661478bd6d8d114dde53e48b1ad13396adfec346b
SHA512

3baf692e1fbb6618c52177a890f2e573990e2ecf3839ad70e5a88060ced78b719834fbb2387bb578341ba39b8930a0e0328b826bc4d7bf529f4194551232d723
SSDEEP

3145728:FUw4Mlb52h3yslb52h3yikWOvEVlDOZB931nMhAnvr8g6s:Kw9t52hJt52hQWOJZB93lcAnQs

Score

10^/10

mirai discovery execution

Malware Config

Targets

- Target
  
  DiscordBotClient-win-x64.exe
- Size
  
  102.5MB
- MD5
  
  0c997dda07377f03ea18ae945cf5f386
- SHA1
  
  afca4d4d992a3086ac470321cb9277cd272e7ab3
- SHA256
  
  70330c357e3752604f59bfd661478bd6d8d114dde53e48b1ad13396adfec346b
- SHA512
  
  3baf692e1fbb6618c52177a890f2e573990e2ecf3839ad70e5a88060ced78b719834fbb2387bb578341ba39b8930a0e0328b826bc4d7bf529f4194551232d723
- SSDEEP
  
  3145728:FUw4Mlb52h3yslb52h3yikWOvEVlDOZB931nMhAnvr8g6s:Kw9t52hJt52hQWOJZB93lcAnQs
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/SpiderBanner.dll
- Size
  
  9KB
- MD5
  
  17309e33b596ba3a5693b4d3e85cf8d7
- SHA1
  
  7d361836cf53df42021c7f2b148aec9458818c01
- SHA256
  
  996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93
- SHA512
  
  1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298
- SSDEEP
  
  192:5lkE3uqRI1y7/xcfK4PRef6gQzJyY1rpKlVrw:5lkMBI1y7UKcef6XzJrpKY
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  100KB
- MD5
  
  c6a6e03f77c313b267498515488c5740
- SHA1
  
  3d49fc2784b9450962ed6b82b46e9c3c957d7c15
- SHA256
  
  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
- SHA512
  
  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
- SSDEEP
  
  3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/WinShell.dll
- Size
  
  3KB
- MD5
  
  1cc7c37b7e0c8cd8bf04b6cc283e1e56
- SHA1
  
  0b9519763be6625bd5abce175dcc59c96d100d4c
- SHA256
  
  9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
- SHA512
  
  7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/app-64.7z
- Size
  
  102.0MB
- MD5
  
  0a6c656cb0c0e78ed325babd304409cc
- SHA1
  
  366e38c262b6a418546aabe8b9cde030419434e0
- SHA256
  
  efbd575c57021b5480dbb27bba6f3cf6e6b008b44638016adc121801fd8f615a
- SHA512
  
  7abf6d44c6cc31cc4ac0963c46ac1f6a6cfcb0742ae351821e2af3d04573083b4c9b75f23091c9509e3f45346bf6d05fd24267e271cee6708c03d37435ba3100
- SSDEEP
  
  3145728:fw4Mlb52h3yslb52h3yikWOvEVlDOZB931nMhAnvr8g6V:fw9t52hJt52hQWOJZB93lcAnQV
Score

1^/10
behavioral11 behavioral12
- Target
  
  resources/app/AppAssets/ApplicationFlags.js
- Size
  
  2KB
- MD5
  
  eec426654520914ac29fd910188d9aa1
- SHA1
  
  3ab11679c50e356619d9d904c218104d9675f1f5
- SHA256
  
  21f692e827529c26a6146543a86959622b48daa93dd05377ad4ea1cbdbeb5058
- SHA512
  
  fc465128aeab3f750570dd1ad68447ff987c0744a5f247e31dc9ee9508a1b433aa81a599f7a11f7b59d11b1b461eba483c5164c0c0c5b54c0fcb19d54ca9be5d
Score

3^/10

execution
behavioral13 behavioral14
- Target
  
  resources/app/AppAssets/Bitfield.js
- Size
  
  4KB
- MD5
  
  0e4f446393e985553f777ab9341e30f6
- SHA1
  
  20062783b81010a82a3e21ff90a5de94546ff72f
- SHA256
  
  094d6a93221c6f0be88328a1e8be06ddc8c9843075bea223496d265f566d38a9
- SHA512
  
  4699ade4a37cb22f1c2c78d1466de9e3a16907c1dbd41af78271f7737e0468aa87bd3e50098dc9457c057fd63e826c893ed61235cea5eb7f00969958ebb5c687
- SSDEEP
  
  96:yOQoBDbtHM5glSqsJ7+PYjcJ2mqwWdfezCrj2FTV9ll8DCS4r0rpgPH:DQoVbaaljnPYjXw+VrqcDCvrFH
Score

3^/10

execution
behavioral15 behavioral16
- Target
  
  resources/app/AppAssets/DiscordShop.js
- Size
  
  741KB
- MD5
  
  8cf40ade0b0e7ebe0f4023af2d2f60eb
- SHA1
  
  2038013f56975d529ec101a3eefc952feb2999b2
- SHA256
  
  3f1d8e3fd7dd64d2e4acc833a68f606aaca9a14837af9b2c91a49e745b82d5f2
- SHA512
  
  4984697038b53594302af5d5471841c78ed4704294a2f66fdd73da1f4d30ddea457bf72283f5cfd3c9f13e9b6179be07a3c5df520deca35d56543cc2cc7f5840
- SSDEEP
  
  3072:4r0Cq83hxb29JYj8nvK0BkkvrEVr5Mr+DC4+Clh:4r0CNsYj8nvK0HvrEVr5Mr+DC4+Clh
Score

3^/10

execution
behavioral17 behavioral18
- Target
  
  resources/app/AppAssets/Experiments.js
- Size
  
  21KB
- MD5
  
  1515e66febd506faf987a2414a5dca4c
- SHA1
  
  723cd1ff1aceacebfb65f920de26148856240613
- SHA256
  
  3a6cd06b9a68d425fe503faf16a56f5fdb9343552de1c09b4ad007587a0b7ca5
- SHA512
  
  916142a0b3c82719163772b27a94599b3f56d2f5deda45ce45c0fc229eae23262c4f3dee903750f2b7f8d0de64e7ab9cc24f1927b467be703d10ab1701040859
- SSDEEP
  
  192:kKeCpIEBMxf8p93MxNc5cR6NEA7qiJsNg:kWpDBMxUr0c5cR6NEA7qNNg
Score

3^/10

execution
behavioral19 behavioral20
- Target
  
  resources/app/AppAssets/Intents.js
- Size
  
  2KB
- MD5
  
  7803b137b33ba6a58d8e7ce2987f574e
- SHA1
  
  296e63a937701a01461b270f69371799f67dd711
- SHA256
  
  75c69ed27d24b2f3417ff02f851ba66e1ee5462be366706a686a4de10c69bc95
- SHA512
  
  c45fee222be883ee38c0d960119f310772b1133ee8d923e56d0088e185518bdc6c71509f3639980014a76476c829e0e2c56844125eeef39287de88993bd062fa
Score

3^/10

execution
behavioral21 behavioral22
- Target
  
  resources/app/AppAssets/NitroData.js
- Size
  
  21KB
- MD5
  
  23bb7bf2ff7bd7c12e4d35a74d151849
- SHA1
  
  1d1a669aa4b0678580a8976efbcadf497f4cbdc0
- SHA256
  
  d012238f3079d967d7731e7d6716da994ba0c27e57b91621ef85c5a14a76aad4
- SHA512
  
  1a11b746da73f5b66fd48b4329ad14e86b9f35746e7837e91354bacd79b6f97314094b220ddaf64c9dbdc47ad7854a1824bcc50b498bf2e31ea799ce58b0f16f
- SSDEEP
  
  384:DqV0WsV0WBAzddAzdEx2Azd4zV0W/zV0WT2AzdczV0WMzV0WWAznAz2/zV0WNzVJ:R
Score

3^/10

execution
behavioral23 behavioral24
- Target
  
  resources/app/AppAssets/SettingProto.js
- Size
  
  3KB
- MD5
  
  f88dc247ecacb86de53fdd1b79de7a41
- SHA1
  
  8991fda348f65f81ac83402de29b8ad026922783
- SHA256
  
  93ffcd24c9ba219847ec13e2a00ca4380f4f814b4bd8613fe824b34754b6038c
- SHA512
  
  d79142000f13605aa21adb40c9d6847c8bb373afd3a8fee373baa836c05b62cef71e23e55b0bc1c15e779b4b8173111d50419c487c347b136c76526de268e17a
Score

3^/10

execution
behavioral25 behavioral26
- Target
  
  resources/app/AppAssets/SnowflakeUtil.js
- Size
  
  3KB
- MD5
  
  398f94b779e39e62916b9bdbde8bdf77
- SHA1
  
  5a0ee4c9a6d372cf4526c45c1329ecd2e73db02e
- SHA256
  
  4315f5e89ec335a7b8ceeccd351dafdbab15577f5d3b59d21598fe55faa41c07
- SHA512
  
  8db4ce0967579782be5821d818da303c1aba4c247043333041e05517f660baeba0dfed62ab3ee23e20ccb4be769686436abd5d01cf4d25bdc1acca5d71894a85
Score

3^/10

execution
behavioral27 behavioral28
- Target
  
  resources/app/AppAssets/SystemMessages.js
- Size
  
  4KB
- MD5
  
  92fa5d5d185436207d617e054b0545cb
- SHA1
  
  a6ad357d0fd589eb61b0cbc2f65457d5e99d5c80
- SHA256
  
  b6a679e3a24f2085c435599d60e149c94d88b0cd088c1f27437195f1d6313e40
- SHA512
  
  54806c71871da86e9741096a7dca57887ae707972f53b345afdf812769a530d32e104a0834b98021f2437fcb6ae19a743e0ea3bdce17f24d00b27c3e95a59150
- SSDEEP
  
  96:FUU3MsRx09NxdUjgG3znd2qlVFG12qF/nHT/8+/vS+N4o:FURoe4znrEN5LD9+o
Score

3^/10

execution
behavioral29 behavioral30
- Target
  
  resources/app/AppAssets/UserBadges.js
- Size
  
  7KB
- MD5
  
  eb032adb02136469a205c1c20ae6b6e7
- SHA1
  
  b495dc4454b02f7bf6cdfc03e0dfba90bd6e6d0e
- SHA256
  
  39f071b27a663ae80e599930bcf34f5c61c3b5fab2be65443a26755602dc02cd
- SHA512
  
  58dfa6188c18ea8f94b08b25ab89a5b1a8600724cd65cc64438fdbe3bda296f242962696a714bfd81ed813a00a478a9add5f84fa3793db6bf921e0af6b532db6
- SSDEEP
  
  192:LW3lxnkKmbvTXeK9t/gWj6WF5Msnf8yTJvdDjrTFi65mPEjW:4xnkKevTuK9t/gWj6WF5Msnf8y9vdDjc
Score

3^/10

execution
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32