General
-
Target
Launcher.exe
-
Size
12.0MB
-
Sample
250503-pxm7zssxfv
-
MD5
029c99a29dc6529c8a8c9953005d3af9
-
SHA1
d4085f84bc6459f4398cc36bdc61b95782a55697
-
SHA256
a8731ec248d5acf168211386a8696a419dfc420fb80eabc8999c198f9d8414ab
-
SHA512
f5446cea66225b3ac77e41099964ff9c71182a6c5d3b0ab71c62ea0feb675084f513656fe2ff628b13f6b5ce7ed3ffdd1759bda731da87f90c54e3ee9b5d904b
-
SSDEEP
98304:R3Iu4+DcNoST67eJamaHl3Ne4i3gDUZnhhM7M+yvFaW9cIzaF6ARwDtyDe2H6RjE:RYp+DyTMeNoInY7/sHfbRy96RjA041
Behavioral task
behavioral1
Sample
Launcher.exe
Resource
win11-20250502-en
Malware Config
Extracted
discordrat
-
discord_token
MTM2Njg3ODc3MDE2MTY0Nzc3Nw.G-IZTJ.N8Jaao_9e0eCVGOJFOrU0lZAYXxOf02xMVX9uk
-
server_id
1366871247698526329
Targets
-
-
Target
Launcher.exe
-
Size
12.0MB
-
MD5
029c99a29dc6529c8a8c9953005d3af9
-
SHA1
d4085f84bc6459f4398cc36bdc61b95782a55697
-
SHA256
a8731ec248d5acf168211386a8696a419dfc420fb80eabc8999c198f9d8414ab
-
SHA512
f5446cea66225b3ac77e41099964ff9c71182a6c5d3b0ab71c62ea0feb675084f513656fe2ff628b13f6b5ce7ed3ffdd1759bda731da87f90c54e3ee9b5d904b
-
SSDEEP
98304:R3Iu4+DcNoST67eJamaHl3Ne4i3gDUZnhhM7M+yvFaW9cIzaF6ARwDtyDe2H6RjE:RYp+DyTMeNoInY7/sHfbRy96RjA041
-
Discordrat family
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Drops file in Drivers directory
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Executes dropped EXE
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
Enumerates processes with tasklist
-
Sets desktop wallpaper using registry
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v16
Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
1Obfuscated Files or Information
1Command Obfuscation
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
3Credentials In Files
3