Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
bang_executor.exe
-
Size
664KB
-
Sample
240220-bdxqesha39
-
MD5
10185ad8a3e6917c2f81ec3094b66e8e
-
SHA1
9c3282bb6d64274182e1202d10d82df43ab69fd6
-
SHA256
f30580d896f81b395049c5dd97eba5cfe786d815aa8d45df8cd1e782ee2de58f
-
SHA512
88436979af01ca8402bd15aa6ed2024151112c930868f78364d340117f715e0d9383d919623dcf6547f0038b27f90ede257d62db17e9ee2060eae743d05b2347
-
SSDEEP
6144:3E+yclwQKjdn+WPtYVJIoBf4xX26I6DqJMeRzBrvQNQ5rHeIOohWy0yf:3BdlwHRn+WlYV+Rp2yEMeRzdvY+Oov
Malware Config
Extracted
discordrat
-
discord_token
MTIwODA1NzI2MjQwNTQ1MTgxNg.GHdoEv._ZZxMSdlA1-6GNUWIkOqA45H5x0bHFbTgSRFuM
-
server_id
1097447165732868126
Targets
-
-
Target
bang_executor.exe
-
Size
664KB
-
MD5
10185ad8a3e6917c2f81ec3094b66e8e
-
SHA1
9c3282bb6d64274182e1202d10d82df43ab69fd6
-
SHA256
f30580d896f81b395049c5dd97eba5cfe786d815aa8d45df8cd1e782ee2de58f
-
SHA512
88436979af01ca8402bd15aa6ed2024151112c930868f78364d340117f715e0d9383d919623dcf6547f0038b27f90ede257d62db17e9ee2060eae743d05b2347
-
SSDEEP
6144:3E+yclwQKjdn+WPtYVJIoBf4xX26I6DqJMeRzBrvQNQ5rHeIOohWy0yf:3BdlwHRn+WlYV+Rp2yEMeRzdvY+Oov
Score10/10-
Contains code to disable Windows Defender
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
-
Discord RAT
A RAT written in C# using Discord as a C2.
-
Modifies security service
-
Disables Task Manager via registry modification
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1