Overview

overview

1

Static

static

1

URLScan

urlscan

https://github.com/m...

windows10-1703-x64

1

Resubmissions

03/07/2023, 08:06

230703-jzrqasfe76 1

02/07/2023, 20:45

230702-zj1w2adf44 1

Analysis

  • max time kernel
    286s
  • max time network
    247s
  • platform
    windows10-1703_x64
  • resource
    win10-20230621-en
  • resource tags

    arch:x64arch:x86image:win10-20230621-enlocale:en-usos:windows10-1703-x64system
  • submitted
    03/07/2023, 08:06

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    https://github.com/moom825/Discord-RAT-2.0/releases/download/2.0/release.zip

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 45 IoCs
    adwarespyware
  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://github.com/moom825/Discord-RAT-2.0/releases/download/2.0/release.zip
    1⤵
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2124
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2124 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2464
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:4776
    • C:\Users\Admin\Desktop\Release\Discord rat.exe
      "C:\Users\Admin\Desktop\Release\Discord rat.exe"
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:4748
    • C:\Users\Admin\Desktop\Release\Discord rat.exe
      "C:\Users\Admin\Desktop\Release\Discord rat.exe"
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:4300

    Network

          MITRE ATT&CK Enterprise v6

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
            Filesize

            471B

            MD5

            6fe591eda8a5298312a36630f5e00de9

            SHA1

            e33454cdb04272145c12bc17c9f0edf9aa5e6633

            SHA256

            6b792fbfd134e94e30d56b9ca265385b70f4665b710868d1f703061a7925a762

            SHA512

            dee9cb5120a18ae3e9855df3994cdf9d0f93162c659e8d331c766be5e67ea75dd051b7bfa399aca286cfa2a1544feb99e13643c1f4fedf178698111a87f9aed4

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
            Filesize

            404B

            MD5

            a1381109d9223cd0da605821f4df2e1e

            SHA1

            53edaf5281098abc550e3a6d0c1c303f93269778

            SHA256

            ddafd7324e5c3ea31e11f8482a3a49ab7598b0c58c7cde3f17a4e671ae37f34b

            SHA512

            0767a33eb7dbc386075bd6680a68d5f067d26cbd4d7f732d26ac62c36df5a82b133f7e36e967e37911e404ff613188c5da73fd91607af462d1d386f203797e14

            Download Submit

          • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DomainSuggestions\en-US.1
            Filesize

            17KB

            MD5

            5a34cb996293fde2cb7a4ac89587393a

            SHA1

            3c96c993500690d1a77873cd62bc639b3a10653f

            SHA256

            c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

            SHA512

            e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

            Download Submit

          • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\P3DC16NS\release.zip.f8k88ho.partial
            Filesize

            445KB

            MD5

            06a4fcd5eb3a39d7f50a0709de9900db

            SHA1

            50d089e915f69313a5187569cda4e6dec2d55ca7

            SHA256

            c13a0cd7c2c2fd577703bff026b72ed81b51266afa047328c8ff1c4a4d965c97

            SHA512

            75e5f637fd3282d088b1c0c1efd0de8a128f681e4ac66d6303d205471fe68b4fbf0356a21d803aff2cca6def455abad8619fedc8c7d51e574640eda0df561f9b

            Download Submit

          • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\XGKDZR89\release[1].zip
            Filesize

            445KB

            MD5

            06a4fcd5eb3a39d7f50a0709de9900db

            SHA1

            50d089e915f69313a5187569cda4e6dec2d55ca7

            SHA256

            c13a0cd7c2c2fd577703bff026b72ed81b51266afa047328c8ff1c4a4d965c97

            SHA512

            75e5f637fd3282d088b1c0c1efd0de8a128f681e4ac66d6303d205471fe68b4fbf0356a21d803aff2cca6def455abad8619fedc8c7d51e574640eda0df561f9b

            Download Submit

          • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\IDSXGOZD.cookie
            Filesize

            609B

            MD5

            be18524a309c8ad37d42121208b2aa24

            SHA1

            f3a3cbd82919f0387f71d8caedf0585336e9fa34

            SHA256

            732f5db857e652d98b4320cb1f589c6b75349bc2e9248713ce4ac69725906c35

            SHA512

            49066b68ecda82db851022ed5efc892b21af888531d80d618a865e7fb1cd141b3b0bc7a425ac988c025b43d6c09c7d01b1c705ea54533d849d6a1e03aef0de1a

            Download Submit

          • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\XN0YB168.cookie
            Filesize

            608B

            MD5

            fbe27ac7d0a64f0c3504408769c8a017

            SHA1

            48c979aca00703f26d3b94172285cd958847495f

            SHA256

            0b10c17a86a44059493d468a5b75779bad6f6ffdf5c2c0bc6cf627cd8d33019b

            SHA512

            97bf01de1d54bdd5a9b7f2a634f5b62765aa4195fc124daac8677b85c8ff6fb10c855119bf9426fbed3d0a4d6cba904c88037b27810a7c41829b0f153938a2b5

            Download Submit

          • memory/4300-190-0x000001C96A820000-0x000001C96A830000-memory.dmp

            Filesize

            64KB

            Download

          • memory/4300-191-0x000001C96A820000-0x000001C96A830000-memory.dmp

            Filesize

            64KB

            Download

          • memory/4748-185-0x000001D1D8600000-0x000001D1D8618000-memory.dmp

            Filesize

            96KB

            Download

          • memory/4748-186-0x000001D1F2C50000-0x000001D1F2E12000-memory.dmp

            Filesize

            1.8MB

            Download

          • memory/4748-187-0x000001D1DA380000-0x000001D1DA390000-memory.dmp

            Filesize

            64KB

            Download

          • memory/4748-188-0x000001D1F3350000-0x000001D1F3876000-memory.dmp

            Filesize

            5.1MB

            Download

          • memory/4748-189-0x000001D1DA380000-0x000001D1DA390000-memory.dmp

            Filesize

            64KB

            Download