General
-
Target
CrackMethod.exe
-
Size
10.3MB
-
Sample
250503-jltbzasnx5
-
MD5
3595326d6617235a676f8c8c463eeb56
-
SHA1
bc9ca6566b16126346dc22b05eddd9e0b486fd13
-
SHA256
f06ba40532dcff9fb33274736df81e56723f2daf2fd404452c5c57bf114e1258
-
SHA512
33b8eb7ee5eb7a0cc0121bce83dee5eedd92363c91e88ac516f10f4b9e7f6e8e177b1514bd513b96cf65bc737d9c041c8ecbbefcf27ec9fd2de7ad441b4d271b
-
SSDEEP
196608:3eMAnmXri4E/QzBn4cXzZMzzZTtshN9yOZwf2FT4tZQaAl+JSgnpL+:3Hi645Lsj9dZwf2yAlQT+
Static task
static1
Behavioral task
behavioral1
Sample
CrackMethod.exe
Resource
win10v2004-20250502-en
Malware Config
Extracted
discordrat
-
discord_token
MTM2Nzg2Mjg5NzQ1MTIwODk2NQ.Gx9ncb.vsL_LsFugQQKccYboZPqni28_ebCnaMh1_jZdU
-
server_id
1367435617499349002
Targets
-
-
Target
CrackMethod.exe
-
Size
10.3MB
-
MD5
3595326d6617235a676f8c8c463eeb56
-
SHA1
bc9ca6566b16126346dc22b05eddd9e0b486fd13
-
SHA256
f06ba40532dcff9fb33274736df81e56723f2daf2fd404452c5c57bf114e1258
-
SHA512
33b8eb7ee5eb7a0cc0121bce83dee5eedd92363c91e88ac516f10f4b9e7f6e8e177b1514bd513b96cf65bc737d9c041c8ecbbefcf27ec9fd2de7ad441b4d271b
-
SSDEEP
196608:3eMAnmXri4E/QzBn4cXzZMzzZTtshN9yOZwf2FT4tZQaAl+JSgnpL+:3Hi645Lsj9dZwf2yAlQT+
-
Discordrat family
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Executes dropped EXE
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
Enumerates processes with tasklist
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v16
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Modify Registry
2Obfuscated Files or Information
1Command Obfuscation
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
3Credentials In Files
3