Extracted

• • Target

    hgvj.exe

  • Size

    593KB

  • MD5

    cd7ea040328d5a26e9db4e3fe252b840

  • SHA1

    9be79e3a740718d1b7f92c9e5a1ce0b782e47386

  • SHA256

    260ad25ba866a0c2c53fb170fa87debbf9041a87b70a0c632786adf379c2db3a

  • SHA512

    4e6372353c81180631ffd2378a53b2dc53408dd1e831b020eced199b1a8b5aeb53631e4e0fc1784c7e7848fd036b056ae16a78ee77dc3479c0960b576c82b86e

  • SSDEEP

    12288:54MQmjJfELB92d9b0G8vdqk20H/ORA0y5ZU9E5bjJo9l:54MNJCM74vHGRY5+9OnJ

  Score

  10^/10

  discordratpersistenceratrootkitstealer

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  behavioral1behavioral2