Overview

overview

9

Static

static

1

Discord-Ni...in.zip

windows10-ltsc_2021-x64

9

Discord-Ni...ort.md

windows10-ltsc_2021-x64

3

Discord-Ni...ig.yml

windows10-ltsc_2021-x64

3

Discord-Ni...est.md

windows10-ltsc_2021-x64

3

Discord-Ni...ate.md

windows10-ltsc_2021-x64

3

Discord-Ni...ICENCE

windows10-ltsc_2021-x64

1

Discord-Ni...DME.md

windows10-ltsc_2021-x64

3

Discord-Ni...le.png

windows10-ltsc_2021-x64

1

Discord-Ni...go.png

windows10-ltsc_2021-x64

1

Discord-Ni...ain.py

windows10-ltsc_2021-x64

3

Discord-Ni...ts.txt

windows10-ltsc_2021-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Discord-Nitro-Generator-and-Checker-main.zip

  • Size

    138KB

  • Sample

    250331-sd2g2sstcz

  • MD5

    27cb01bbd9a4c072c5a11a5696ef3884

  • SHA1

    45edd6031dd4e6f68f7dcdd42930000201afdd6b

  • SHA256

    aba7c2b7ebc6c30c640d0b9560a39411e91862434633d049b8195ee64ef42686

  • SHA512

    d44d1bfd471776fa42ec62e804ccad968624cb8ca167b770d0ae0169e3418c3a4a173ac420d3d7c4376ce849a6b9564458bd79de449e146474da566cbb9eba09

  • SSDEEP

    3072:ychFzSbABmPNGPgskDECWfqou2Ofdn/60y7nW7MyhG97p/2RwAh:rLzSb3PN0gs6TWfqonOloYG9deRwAh

Score
9/10
defense_evasiondiscoverypersistenceprivilege_escalation

Malware Config

Targets

    • Target

      Discord-Nitro-Generator-and-Checker-main.zip

    • Size

      138KB

    • MD5

      27cb01bbd9a4c072c5a11a5696ef3884

    • SHA1

      45edd6031dd4e6f68f7dcdd42930000201afdd6b

    • SHA256

      aba7c2b7ebc6c30c640d0b9560a39411e91862434633d049b8195ee64ef42686

    • SHA512

      d44d1bfd471776fa42ec62e804ccad968624cb8ca167b770d0ae0169e3418c3a4a173ac420d3d7c4376ce849a6b9564458bd79de449e146474da566cbb9eba09

    • SSDEEP

      3072:ychFzSbABmPNGPgskDECWfqou2Ofdn/60y7nW7MyhG97p/2RwAh:rLzSb3PN0gs6TWfqonOloYG9deRwAh

    Score
    9/10
    defense_evasiondiscoverypersistenceprivilege_escalation

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Downloads MZ/PE file

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

      persistenceprivilege_escalation

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1

    • Target

      Discord-Nitro-Generator-and-Checker-main/.github/ISSUE_TEMPLATE/bug_report.md

    • Size

      761B

    • MD5

      d9dfdf94c25be3af2fdfc21a3c884015

    • SHA1

      50ca8aad1c063db3f964c4623d89b37bcb23f7e2

    • SHA256

      3447388a83174399f54edaf0281b289883cf06d6e4485dc4b6c59e207c8c89c7

    • SHA512

      154bc39b255008e3a655999b0e02cf410d9626ad35ddc6b58aa8656e514c07e8b29c9bce1e74813b04e2b305415b9bdd4bab30e9a7ec4c398ea2e2d1f80db92d

    Score
    3/10
    behavioral2

    • Target

      Discord-Nitro-Generator-and-Checker-main/.github/ISSUE_TEMPLATE/config.yml

    • Size

      176B

    • MD5

      ed06719b4da6404c3eb97788d96f0c39

    • SHA1

      241c840a9390f1177a5639056a167ba58e833f9b

    • SHA256

      14a01407714c938518d5a3224a0535b48cc3cdf8dfc5becc899e6b069808e5fd

    • SHA512

      92053a5016e399c90b808a30bc9709b8ab51f5342065d73dc3c026b72d992a95a9063cea779d380b3aae5e7a7c5ae1084d2cb19620126d0167b444c2aa2888e3

    Score
    3/10
    behavioral3

    • Target

      Discord-Nitro-Generator-and-Checker-main/.github/ISSUE_TEMPLATE/feature_request.md

    • Size

      595B

    • MD5

      174545e1d9daff8020525fdd1e020411

    • SHA1

      f6867a2f0417fe89a0f2008730ee19dd38422021

    • SHA256

      1f48c52f209a971b8e7eae4120144d28fcf8ee38a7778a7b4d8cf1ab356617d2

    • SHA512

      b18005cfe7409fde541b934131c32c2eecdc4a8fd62cd558f274a25262c0e6b0b8fd27674ee55d6d4e4c435d49d580a077181fe8b15b095c39736b01ff4ee537

    Score
    3/10
    behavioral4

    • Target

      Discord-Nitro-Generator-and-Checker-main/.github/pull_request_template.md

    • Size

      484B

    • MD5

      1c233fdd253484959a781d0bdddd39f1

    • SHA1

      25932785e9d403255be00451a94ea8c61b140cbc

    • SHA256

      4ef6b953a091a8489afc32bf2a6d9b2f51c9d8621d2cc6997fe4dab4db3a1f50

    • SHA512

      bd984cdd9077f36eefa321e532b63005f4b46a39f928b083b56f03a519ca134582069060de187c7617fb7d36ca8d0afb55f4c9835183e9708a6c44b4809af0de

    Score
    3/10
    behavioral5

    • Target

      Discord-Nitro-Generator-and-Checker-main/LICENCE

    • Size

      1KB

    • MD5

      580749ff880d092a5eb2b30f438eb862

    • SHA1

      4e2fe0d2ae85716c87f6437f1c76951c75f1d9e9

    • SHA256

      fceba42f83c3f01e4f11ca43c85b473ea9b0e773abf3f6ae2ca08e585474cae4

    • SHA512

      50be18b88be43ef2f5e61893c19caade8f71d21fb195b149d9e79b2f90df6290f88cce39ff454320d2f0d925334ed7e7386b64cfc7c5ca62e7959b799ed3df7f

    Score
    1/10
    behavioral6

    • Target

      Discord-Nitro-Generator-and-Checker-main/README.md

    • Size

      5KB

    • MD5

      5856ef61f3ab6188b1954e4f3d9e2008

    • SHA1

      c7062d7c1111e62da04d262cbb1fc392efd96721

    • SHA256

      67b9846ac5a4857d7292542bebf142518e814049fbabe6247b61fffa6fe6149d

    • SHA512

      498889ce794155eda86d275deb874ce0bf21ac4a615a88d28dd10b5ee07b653effd849bd460d85970b16269c92db78237a41925f4ce639f2ec5bc858249689f9

    • SSDEEP

      96:YhSSSTS0wS0rk3yOnllaOHd3KKnOGvPC8PsbRHnoz2:GQlaq/TPCfRHnu2

    Score
    3/10
    behavioral7

    • Target

      Discord-Nitro-Generator-and-Checker-main/assets/example.png

    • Size

      120KB

    • MD5

      76bf5360fbc4dd0a226eb000851ba618

    • SHA1

      22bcfbdecb314ef9a37f0e939f7e0210c1fa179f

    • SHA256

      ad64767be550b8d879704837fdc7b7a5ae9fde632b19bdab8eaa2678a1fc6953

    • SHA512

      e362b8c72f13e92e842f0e11682d3f397b24b4c1d01ad4da4af3d896438a60bb59b7be32f0570fca2a6be0e578bbf1111a7ef63199bd1e732e607a9c981d3151

    • SSDEEP

      1536:z0ziNSSg7znvzzQZJTGrQhDmNJe1AoJgN747kIpfpIz3lq/EB8GLVXYxzfh4sM25:zZYtvUUQYgOrN77up2sHNxzfh4oLEY

    Score
    1/10
    behavioral8

    • Target

      Discord-Nitro-Generator-and-Checker-main/assets/logo.png

    • Size

      12KB

    • MD5

      2d0dd8f1459e12eff5255d3186f93a08

    • SHA1

      44a95e1006ded6c242c110ea743cad929be8917f

    • SHA256

      8cd0689260de7b70b10dabdbaebbf25c159b45c0a382805d1039054487181d45

    • SHA512

      f81fc6e9a661f19d7726336a6c46c158f76429b9b246adde05f16448d979708e64650778454fc21e1cff70aae1ccdc245ce916a9985315929389a63a3efe372d

    • SSDEEP

      384:HClpgOddInr82HotJJ9pP/DtVg4kEkVOzkiZ:qvddInQqotVV/rTkEkVOzkiZ

    Score
    1/10
    behavioral9

    • Target

      Discord-Nitro-Generator-and-Checker-main/main.py

    • Size

      9KB

    • MD5

      9e5ae8700307a28c5dce70de7cbac0ca

    • SHA1

      6b1d93b55b999d0b26b892c8e04feeaf135a335b

    • SHA256

      0cea085efa84ce9984c3309af33bc0d5fb80805234640488b7e0ced2294f46b6

    • SHA512

      5e010795ecb62ea5446df604d7af8d940ed6e1746322eaf0744a9b72053936eaa690c50ee5fb35e26560f98283aff124661d51f643cf3d99551325c4c0952709

    • SSDEEP

      192:E3RHnPQYk2aPybZNYwxWxf5eJofzreVydW390Rgd6VJEZKZ2cWPay:E3ZPoSWi390aYUL99

    Score
    3/10
    behavioral10

    • Target

      Discord-Nitro-Generator-and-Checker-main/requirements.txt

    • Size

      38B

    • MD5

      e8d5549f6b6410b59f79227768291edb

    • SHA1

      57b4625e8d06fab9e1a3c70ade7b545bf9bd81c5

    • SHA256

      9f7a1b14620c60f7a264766ac7a6efcd4ddf0aa4120b9d017543b321423eac86

    • SHA512

      0f39be5acaa0c7d9555fb90e835804f1aa936eef9998c3ecfa3bf9da3069c452b3e8ad02e205b28b555fca59bdbb274a8995c38ec1d33c8bc94f9876023326a4

    Score
    1/10
    behavioral11

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

1
T1546

Component Object Model Hijacking

1
T1546.015

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

1
T1546

Component Object Model Hijacking

1
T1546.015

Defense Evasion

Modify Registry

2
T1112

Subvert Trust Controls

2
T1553

Install Root Certificate

1
T1553.004

SIP and Trust Provider Hijacking

1
T1553.003

Credential Access

Discovery

Network Service Discovery

1
T1046

Peripheral Device Discovery

1
T1120

Query Registry

4
T1012

System Information Discovery

3
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks