General
-
Target
resource-hacker_fG3-Iu1.exe
-
Size
1.7MB
-
Sample
250704-vam7cswths
-
MD5
99a9fbd5fee72ce51585309390a46717
-
SHA1
ff39c56312090a909c2c0c82629c552a3b252a98
-
SHA256
833064195b0c96bce9a8c00dc95df6bd9fce1092c1260ba0e877810bfc44b0aa
-
SHA512
97f9a98fb48c8281818163d3dbe66fa246e1fe6a5a67f15175419992b0ca389cbe086e457177c21ce9c99ff05a1e0b508812cdf30220090a438dd8c94f73c6b7
-
SSDEEP
24576:R4nXubIQGyxbPV0db26Wmd0l4sv1Et9uGpckT52zedlq89Ws5uIzk5aM/phdO7:Rqe3f61mZSffPMWrQ0ZkA
Static task
static1
Behavioral task
behavioral1
Sample
resource-hacker_fG3-Iu1.exe
Resource
win10v2004-20250619-en
Behavioral task
behavioral2
Sample
resource-hacker_fG3-Iu1.exe
Resource
win11-20250610-en
Malware Config
Extracted
discordrat
-
discord_token
MTM5MDY5ODk5MjQ1NDcyOTczOA.GFCN2V.ZH9aS7DTgFXwbiUfe3PHscH7oBNSxPbJuaT2Bk
-
server_id
1386773804633821355
Targets
-
-
Target
resource-hacker_fG3-Iu1.exe
-
Size
1.7MB
-
MD5
99a9fbd5fee72ce51585309390a46717
-
SHA1
ff39c56312090a909c2c0c82629c552a3b252a98
-
SHA256
833064195b0c96bce9a8c00dc95df6bd9fce1092c1260ba0e877810bfc44b0aa
-
SHA512
97f9a98fb48c8281818163d3dbe66fa246e1fe6a5a67f15175419992b0ca389cbe086e457177c21ce9c99ff05a1e0b508812cdf30220090a438dd8c94f73c6b7
-
SSDEEP
24576:R4nXubIQGyxbPV0db26Wmd0l4sv1Et9uGpckT52zedlq89Ws5uIzk5aM/phdO7:Rqe3f61mZSffPMWrQ0ZkA
-
Discordrat family
-
Downloads MZ/PE file
-
Drops desktop.ini file(s)
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
MITRE ATT&CK Enterprise v16
Defense Evasion
Modify Registry
1Subvert Trust Controls
1Install Root Certificate
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1