Overview

overview

10

Static

static

10

Panal 3d.exe

windows7-x64

10

Panal 3d.exe

windows10-2004-x64

10

Built.exe

windows7-x64

7

Built.exe

windows10-2004-x64

7

�����.pyc

windows7-x64

�����.pyc

windows10-2004-x64

Client-built.exe

windows7-x64

10

Client-built.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Panal 3d.exe

  • Size

    8.0MB

  • Sample

    240202-stxh2abdgj

  • MD5

    ccbf0ffe101050cfcee62f753704e0e0

  • SHA1

    cf70209fc0cde705a6140f312f00e21645607d47

  • SHA256

    b5731cf4ba56ddcd02017d2fbf7f4713391d1c8fbb5f48bc8f7d28784682443f

  • SHA512

    3b779c9b0b84a3805a88f1109fda51a33b6547625653bfe65e5a1891d7afe2458ae1507607a217c320bae356777fb22b22d2f9605593d6cc06db3ca9167bc042

  • SSDEEP

    196608:4vkYNsMMlbshiKt1+NyDszizLatIWXWrgfCcU4w:4vkYelbshj1+NbzizLDHrg9Hw

Score
10/10
blankgrabberdiscordratpersistenceratrootkitstealerupx

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTIwMjY0NTQ4MTE1NTcyMzMzNA.G6wgBI.2oRVj4YxDTKM8TSrsRNvAshgeJv9FC0pJXt6YE

  • server_id

    1202645099088056350

Targets

    • Target

      Panal 3d.exe

    • Size

      8.0MB

    • MD5

      ccbf0ffe101050cfcee62f753704e0e0

    • SHA1

      cf70209fc0cde705a6140f312f00e21645607d47

    • SHA256

      b5731cf4ba56ddcd02017d2fbf7f4713391d1c8fbb5f48bc8f7d28784682443f

    • SHA512

      3b779c9b0b84a3805a88f1109fda51a33b6547625653bfe65e5a1891d7afe2458ae1507607a217c320bae356777fb22b22d2f9605593d6cc06db3ca9167bc042

    • SSDEEP

      196608:4vkYNsMMlbshiKt1+NyDszizLatIWXWrgfCcU4w:4vkYelbshj1+NbzizLDHrg9Hw

    Score
    10/10
    discordratpersistenceratrootkitstealerupx

    • Discord RAT

      A RAT written in C# using Discord as a C2.

      stealerrootkitratpersistencediscordrat

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

    • Target

      Built.exe

    • Size

      7.9MB

    • MD5

      d14cad014aff643129e2ef0914ee927f

    • SHA1

      2a29f2c8b9070c5c4fa25263554538d5f609a628

    • SHA256

      196df03961ebe440cef5c74a736fbd90c08d7fb14c1818950c283f55e5d16c66

    • SHA512

      fd7ab8a5b1bce51b4b63e421d44b1908d802605d6383974908149c786a4eb8094c843c9760ce012cacc5c8936969a8d27f593c0619beae552ff84edafdd4cf2f

    • SSDEEP

      196608:01Y26neSOshoKMuIkhVastRL5Di3upIG21D7dJM:+Y2pSOshouIkPftRL545RDM

    Score
    7/10
    upx

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral3behavioral4

    • Target

      �����.pyc

    • Size

      1KB

    • MD5

      001d751728a30b368c974f3fcba2e255

    • SHA1

      250047e62e5bf96d0c28e21cced41fc380005f39

    • SHA256

      bd7eac0bc93882da56a541852a796123a31e03c2d640c013a49239217922f1ce

    • SHA512

      0eb55806916d54b607c2a3439757e13cba7949a7ae7e6c09babd3888a20fce39f8e73c22935790a8c2e05c7fd8b3b0c6aabe73b03da299ce463bd7cc50aab085

    Score
    1/10
    behavioral5behavioral6

    • Target

      Client-built.exe

    • Size

      78KB

    • MD5

      4dcbcac4bc712059ec62b6276bd8be7e

    • SHA1

      b51ebfde67f73153031951f42bfcf63bb6968c1a

    • SHA256

      f45da39779bfeb23449fd590fba6c1060c76c1d645ab353c4805e6147a19f881

    • SHA512

      a64c8c1af31045e8e3c8cb68ba05365ce6b97b6cdf343df1ae2dfa50aac560ca4bd14f6ef7c068050fc5a7c8d318c9d8b4f677bb0309e986a6968b29d6f0ae1c

    • SSDEEP

      1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+TPIC:5Zv5PDwbjNrmAE+LIC

    Score
    10/10
    discordratpersistenceratrootkitstealer
    behavioral7behavioral8

MITRE ATT&CK Enterprise v15

Tasks