Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
RoShade.exe
-
Size
88KB
-
Sample
231112-wsz5baaf47
-
MD5
7e775f593680509571a0500e5de66e05
-
SHA1
c2b350ec2d335558682c1ac16ec3e2651f558440
-
SHA256
9a867491752572d0242e09303705fc0cc8c6beffb3bb0557691e3f1d7732ef8d
-
SHA512
2393bde62b580a434aa058aee813101ccc25a18562777d1cefeaf06dea4b3deb47a537ee6c9b60401739475a734e50fd61147de0f556a7fe14ede06114e1cda7
-
SSDEEP
1536:JSMJ6+QqmQL4Cxc2pkcDJGIUOO+RNEyZE0GxSDDSeSnuxBMctdRbl:J1M+QqZEYucEKO30GkueSMBMO
Malware Config
Extracted
discordrat
-
discord_token
MTE3MTQ3NDQ4NTE5NTU5MTgwMQ.G1uOMO.BdWbEh6r9O9EOIKSg-_9Xtb5_Y8XWzQ2TY7QWM
-
server_id
1172664614979383457
Targets
-
-
Target
RoShade.exe
-
Size
88KB
-
MD5
7e775f593680509571a0500e5de66e05
-
SHA1
c2b350ec2d335558682c1ac16ec3e2651f558440
-
SHA256
9a867491752572d0242e09303705fc0cc8c6beffb3bb0557691e3f1d7732ef8d
-
SHA512
2393bde62b580a434aa058aee813101ccc25a18562777d1cefeaf06dea4b3deb47a537ee6c9b60401739475a734e50fd61147de0f556a7fe14ede06114e1cda7
-
SSDEEP
1536:JSMJ6+QqmQL4Cxc2pkcDJGIUOO+RNEyZE0GxSDDSeSnuxBMctdRbl:J1M+QqZEYucEKO30GkueSMBMO
Score10/10-
Discord RAT
A RAT written in C# using Discord as a C2.
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Legitimate hosting services abused for malware hosting/C2
-