General

  • Target

    updated.exe

  • Size

    590KB

  • Sample

    240223-y8v7eagd98

  • MD5

    b73c2ae4196590a4f76108fded52acbd

  • SHA1

    1715c23f3a4d174313f1c204f51b424e7902cede

  • SHA256

    57bbb821bfb4cb89a7919f5d5bf5b5f07f3f999fbaf80478631809cc1304dd52

  • SHA512

    ce01d87f7b8edbdb24c6a89e85377638cd5826be0f27afa442557645f6dc7bae81de0ef31988360b7e413a461b5d595b30bd425bf16ce15b68de32e38f7e4052

  • SSDEEP

    12288:bmBqOGY2myUDioW3w6xumhRZes+5Fcwt5oHCICpxZw6xKEBZTmV4:bcDq/osvwPoWpxBHBlm

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTIxMDY4MTk1NTQyNzk1MDY4Mg.Gy5dHF.usUl_OuFhHY1gNEyIwlH2QhBUK8j2WHU94qm9Q

  • server_id

    1210681778017144962

Targets

    • Discord RAT

      A RAT written in C# using Discord as a C2.

    • Sets service image path in registry

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL
