Windows
Analysis Report
SecuriteInfo.com.Win64.PWSX-gen.24850.22028.exe
Overview
General Information
Detection
Discord Token Stealer
Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%
Signatures
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Discord Token Stealer
Found Tor onion address
Tries to harvest and steal browser information (history, passwords, etc)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Yara signature match
Classification
- System is w10x64
- SecuriteInfo.com.Win64.PWSX-gen.24850.22028.exe (PID: 7496 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24850.22028.exe" MD5: A4D2A484E1F0BF11169FDA433A385F7F)
- conhost.exe (PID: 7504 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- cleanup
⊘No configs have been found
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| | JoeSecurity_DiscordTokenStealer | Yara detected Discord Token Stealer | Joe Security | |
| | OlympicDestroyer_1 | OlympicDestroyer Payload | kevoreilly | |
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| | JoeSecurity_DiscordTokenStealer | Yara detected Discord Token Stealer | Joe Security | |
| | JoeSecurity_DiscordTokenStealer | Yara detected Discord Token Stealer | Joe Security | |
| | JoeSecurity_DiscordTokenStealer | Yara detected Discord Token Stealer | Joe Security | |
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| | JoeSecurity_DiscordTokenStealer | Yara detected Discord Token Stealer | Joe Security | |
| | OlympicDestroyer_1 | OlympicDestroyer Payload | kevoreilly | |
| | JoeSecurity_DiscordTokenStealer | Yara detected Discord Token Stealer | Joe Security | |
| | OlympicDestroyer_1 | OlympicDestroyer Payload | kevoreilly | |
⊘No Sigma rule has matched
⊘No Snort rule has matched
AV Detection |
---|
Source: | ReversingLabs: |
Source: | Static PE information: |
Networking |
---|
Source: | String found in binary or memory: |