General

  • Target

    RoShade.exe

  • Size

    88KB

  • Sample

    231112-wsz5baaf47

  • MD5

    7e775f593680509571a0500e5de66e05

  • SHA1

    c2b350ec2d335558682c1ac16ec3e2651f558440

  • SHA256

    9a867491752572d0242e09303705fc0cc8c6beffb3bb0557691e3f1d7732ef8d

  • SHA512

    2393bde62b580a434aa058aee813101ccc25a18562777d1cefeaf06dea4b3deb47a537ee6c9b60401739475a734e50fd61147de0f556a7fe14ede06114e1cda7

  • SSDEEP

    1536:JSMJ6+QqmQL4Cxc2pkcDJGIUOO+RNEyZE0GxSDDSeSnuxBMctdRbl:J1M+QqZEYucEKO30GkueSMBMO

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTE3MTQ3NDQ4NTE5NTU5MTgwMQ.G1uOMO.BdWbEh6r9O9EOIKSg-_9Xtb5_Y8XWzQ2TY7QWM

  • server_id

    1172664614979383457
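The two extracted values above are more useful than they look: a Discord bot token's first dot-separated field is the unpadded base64 of the bot's decimal account ID, and both that ID and the server_id are snowflakes whose top 42 bits carry a creation timestamp. The following script, added here as an example and not part of the tria.ge report or of the malware itself, decodes the config into pivotable indicators (bot account ID, account and server creation times) and includes a token-shaped regex for hunting the same credential in strings dumps or memory. It treats the token's second and third fields as opaque; the strings excerpt it scans is constructed for the example.

```python
import base64
import re
from datetime import datetime, timezone

# Values copied from the report's "Malware Config" section; the dict itself is
# constructed for this example and is not tria.ge output.
EXTRACTED_CONFIG = {
    "family": "discordrat",
    "discord_token": "MTE3MTQ3NDQ4NTE5NTU5MTgwMQ.G1uOMO.BdWbEh6r9O9EOIKSg-_9Xtb5_Y8XWzQ2TY7QWM",
    "server_id": "1172664614979383457",
}

# Snowflake epoch: 2015-01-01T00:00:00Z in milliseconds.
DISCORD_EPOCH_MS = 1_420_070_400_000

# A Discord bot token is three dot-separated fields. The first is the unpadded
# base64 of the bot's decimal account ID, so its first character is fixed by the
# ID's leading digit ("1"-"3" -> M, "4"-"7" -> N, "8"-"9" -> O). The second and
# third fields are treated as opaque here.
TOKEN_RE = re.compile(
    r"(?<![A-Za-z0-9_-])"          # not glued to a preceding token character
    r"([MNO][A-Za-z0-9_-]{23,})"   # base64 account ID
    r"\.([A-Za-z0-9_-]{6})"        # second field
    r"\.([A-Za-z0-9_-]{27,})"      # third field
    r"(?![A-Za-z0-9_-])"
)


def _b64_decode_unpadded(s: str) -> bytes:
    """Decode URL-safe or standard base64 that has had its padding stripped."""
    s = s.replace("-", "+").replace("_", "/")
    return base64.b64decode(s + "=" * (-len(s) % 4))


def snowflake_created(snowflake: int) -> datetime:
    """Creation time stored in the top 42 bits of a Discord snowflake ID."""
    ms = (snowflake >> 22) + DISCORD_EPOCH_MS
    return datetime.fromtimestamp(ms // 1000, tz=timezone.utc)


def parse_discord_token(token: str) -> dict:
    """Recover the bot account ID (and its creation time) from a bot token."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated fields")
    raw = _b64_decode_unpadded(parts[0]).decode("ascii")
    if not raw.isdigit():
        raise ValueError("first field did not decode to a decimal account ID")
    account_id = int(raw)
    return {"account_id": account_id, "account_created": snowflake_created(account_id)}


def triage_config(cfg: dict) -> dict:
    """Turn the extracted config into time-stamped indicators for pivoting."""
    tok = parse_discord_token(cfg["discord_token"])
    server_id = int(cfg["server_id"])
    return {
        "bot_account_id": tok["account_id"],
        "bot_account_created": tok["account_created"].isoformat(timespec="seconds"),
        "server_id": server_id,
        "server_created": snowflake_created(server_id).isoformat(timespec="seconds"),
    }


def find_discord_tokens(blob: str) -> list:
    """Hunt for bot-token-shaped strings in a strings dump or memory capture."""
    return [m.group(0) for m in TOKEN_RE.finditer(blob)]


# Constructed excerpt of a `strings` run over a dropped binary (not real output).
SAMPLE_STRINGS = """\
System.Net.Http
https://discord.com/api/v10
MTE3MTQ3NDQ4NTE5NTU5MTgwMQ.G1uOMO.BdWbEh6r9O9EOIKSg-_9Xtb5_Y8XWzQ2TY7QWM
MTE3.short.notatoken
GetCultureInfo
"""

if __name__ == "__main__":
    for key, value in triage_config(EXTRACTED_CONFIG).items():
        print(f"{key}: {value}")
    print("tokens found:", find_discord_tokens(SAMPLE_STRINGS))
```

The bot account ID is the stable pivot: the token can be rotated, but every sample using the same bot decodes to the same ID, and the creation timestamps (bot account and server both created within days of the 2023-11-12 submission) help date the campaign. Treat the token as a live credential: hunt for it and report it to Discord for revocation rather than using it to query the API yourself.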

Targets

    • Target

      RoShade.exe

    • Discord RAT

      A RAT written in C# using Discord as a C2.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and session cookies.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks