Trojan.DiscordStealer.N

By CagedTech in Stealers, Trojans

Threat Scorecard

Popularity Rank: 14,562
Threat Level: 80 % (High)
Infected Computers: 564
First Seen: February 8, 2022
Last Seen: January 20, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.DiscordStealer.N
Packers: UPX!
Signature status: No Signature

Known Samples

MD5: 292932346f3d6656afc23dbcfff3c759
SHA1: 289e35d90948b5f3514352ccf545f2fae20d4ef9
SHA256: A47A4DEFD64F31F9CB4DB2542D0945D06E832F01BF47CB5942A89E585F671327
File Size: 6.73 MB, 6731264 bytes

MD5: 29557d433886611f1bc8f33e43ed7cc3
SHA1: 58c178f99fce2e54a9a293d57994e7c9a6b1fb21
SHA256: 1B1599257B1A844C58841AF4477EE768DE8AD576544DC0454C291AF3A01167A6
File Size: 520.19 KB, 520192 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has been packed
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Company Name: Solaris2.hu
File Description: Solaris
File Version: 1.0.0.0
Internal Name: Solaris
Legal Copyright: Copyright (C) 2022
Original Filename: Solaris.exe
Product Name: Solaris
Product Version: 1, 0, 0, 1

File Traits

  • GetConsoleWindow
  • HighEntropy
  • No Version Info
  • packed
  • x86

Block Information

Total Blocks: 3,481
Potentially Malicious Blocks: 848
Whitelisted Blocks: 2,375
Unknown Blocks: 258


Similar Families

  • Agent.BT

Files Modified

File | Attributes
\device\namedpipe\dav rpc service | Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\gmdasllogger | Generic Write,Read Attributes
\device\namedpipe\wkssvc | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\explorer\iconcache_16.db | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\explorer\iconcache_32.db | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\explorer\iconcache_idx.db | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\locale.cfg | Generic Write,Read Attributes
c:\users\user\downloads\metin2.cfg | Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value | Data | API Name
HKCU\system\currentcontrolset\control\mediaproperties\privateproperties\directinput\vid_0627&pid_0001\calibration\0::guid | [binary data] | RegNtPreCreateKey
HKCU\software\microsoft\directinput\58c178f99fce2e54a9a293d57994e7c9a6b1fb21_00005201926418d6290007f000::name | 58C178F99FCE2E54A9A293D57994E7C9A6B1FB21_0000520192 | RegNtPreCreateKey
HKCU\software\microsoft\directinput\58c178f99fce2e54a9a293d57994e7c9a6b1fb21_00005201926418d6290007f000::usesmapper | | RegNtPreCreateKey
HKCU\software\microsoft\directinput\mostrecentapplication::name | 58C178F99FCE2E54A9A293D57994E7C9A6B1FB21_0000520192 | RegNtPreCreateKey
HKCU\software\microsoft\directinput\mostrecentapplication::id | 58C178F99FCE2E54A9A293D57994E7C9A6B1FB21_00005201926418D6290007F000 | RegNtPreCreateKey
HKCU\software\microsoft\directinput\mostrecentapplication::version | | RegNtPreCreateKey
HKCU\software\microsoft\directinput\mostrecentapplication::mostrecentstart | [binary data] | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass | | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname | | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet | | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect | | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\##10.200.31.10#amas::_labelfromdesktopini | | RegNtPreCreateKey

Windows API Usage

Category API
Network Winsock2
  • WSASocket
  • WSAStartup
Network Winsock
  • closesocket
  • connect
  • freeaddrinfo
  • getaddrinfo
  • recv
  • send
  • setsockopt
Anti Debug
  • IsDebuggerPresent
User Data Access
  • GetUserObjectInformation
Keyboard Access
  • GetKeyState
