General

  • Target

    Setup.exe

  • Size

    26.9MB

  • Sample

    240309-n6pazafd75

  • MD5

    f6d14262dedf30fe406a6a83bc285848

  • SHA1

    8fcffcb218cb7b759a26c3125d03246c9eb60308

  • SHA256

    9258d993b240a43e7c595db26b9f04a7e620a240a2ade29ab1daff528462a517

  • SHA512

    51075d388a5c280c999c37d182de08e4989f8ad2af4bb02c012c5f0e5fe5be99ea5579e3adab6e29653798110f77af9c78328aca7e9ac4054b4a8753ca01cad7

  • SSDEEP

    393216:vW3AUWON8SUpFLkl5J3TEaQMlPpSEh58UEmnoFDki+4Cs/nhKDX+m64qHIsn6P:+OOtUAljoaFfSAhr2Cs5KDXvqH3n6

Malware Config

Extracted

Family

discordrat

Attributes

  • discord_token

    MTIwNDk0MjY0MDY0MzMxMzc0NQ.G2mhX6.W77F5TMZuCC1U8GHoOD8TxwembX1ccz-N2lX0U

  • server_id

    1205273351032143953

Targets

    • Discord RAT

      A RAT written in C# using Discord as a C2.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Drops desktop.ini file(s)

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
