Extracted

• • Target

    Rino's Discord Account ToolKit/Rino's Discord Acount toolkit.exe

  • Size

    12.2MB

  • MD5

    cdc81da043cabb61816f918cc3ffc632

  • SHA1

    c7c4371dacb34c40e5b918bf899f408b18fbe6ae

  • SHA256

    3c8640d80b6fd56b31cd595276975c689e18b9184c27bfc92be319c014f2e05d

  • SHA512

    187b4b4fdb40ac4a26a9a569557189a667187302b9a6eb2e7181d4c00d2051d94bd7958263f62792b7c01c828726760667e1fc7cd718fff40896821f80af8092

  • SSDEEP

    196608:lrMQ8CGnMjYBptuSBeOdOVgVRO+AzLjv+bhqNVoBLD7fEXEoYbiIv9VSEXvvk9fs:1GaGtuSPzRgnL+9qz8LD7fEUbiI6NQca

  Score

  10^/10

  upxevasion

  • Deletes Windows Defender Definitions

    Uses mpcmdrun utility to delete all AV definitions.

    evasion

  • Executes dropped EXE

  • Loads dropped DLL

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2behavioral3

• • Target

    Rino's Discord Account ToolKit/Rinos_Discord_Account_ToolKit.exe

  • Size

    4.3MB

  • MD5

    a7553cc8ad2b91025f5bfb532090d2b6

  • SHA1

    5326aeb29d57118faaad3af9946584b87ad7f0d0

  • SHA256

    6aeee8b13c11c4157a2a92a38270c30af85fb060e5ccf3ef54994d2c3a1cf5b4

  • SHA512

    1a62dec71262fcf6561cf6ea615f9cb0a4d9d495e8759ab62b5980f6ad4211effce2e3f0726e69afb55441999e264ea25512db0e6d584d4c7e3c949429c9b81c

  • SSDEEP

    98304:XIPanxb7sGW9NcEJn5kKxGOd82SqTxaA/XjOqC1kIq9o8ha:Ys7sGqNcLGGOJSeV7L9o

  Score

  10^/10

  xwormrattrojan

  • Detect Xworm Payload

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral4behavioral5behavioral6