Extracted

• • Target

    test2.exe

  • Size

    592KB

  • MD5

    7dc72f30964d670b22fc35a480f0f985

  • SHA1

    bf399c8b55997be107ed55e91afee2e9d80c4848

  • SHA256

    462f1c87bba9782d4419b0b09556adea6f64834aac09a6c2154715f05d32a7a5

  • SHA512

    d0fda78024846dbaa6249aef12748d74182425ec0a0647187eaa475323ab553b17394e5900fbd7e5642e1c4c5ce2a2608557eb89b1b959bbb235ed65995104fe

  • SSDEEP

    12288:6nEiaPv33gyn5yKjgxZTH2zoQWb8+QknTnGR7U5FtfQiMQQZ6Jjej:6ET6KsxZTHQWb8+QGTnGRGfxLk

  Score

  10^/10

  discordratpersistenceratrootkitstealer

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  behavioral1behavioral2