discordrat | 5ac7d084908338850bf604c18e0fa43067b1bc658594c4d4f46efa7e94675885

Resubmissions

29-05-2024 15:18

240529-splwqsac6s 10

15-03-2024 19:02

240315-xp2z6sae24 10

Analysis

max time kernel
90s
max time network
94s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
15-03-2024 19:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Shiba.Gold.Cracker.By.DoomMonkey.exe
Size

78KB
MD5

5f0c503f9879fdcd0c58d6d25dc11c8e
SHA1

ad6a927bfd33a8dc772c6a1cd9380ef6feabd277
SHA256

5ac7d084908338850bf604c18e0fa43067b1bc658594c4d4f46efa7e94675885
SHA512

aaea53d46fdbe40aeaa4db1766c1a7211da1e995505d237e55906f7a5340dcd1ae59ef0a0a54979be22192e2b9f82a00f397f9801413a49fa0fc6251f7ffb054
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+XPIC:5Zv5PDwbjNrmAE+fIC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTIxNzkwODIwODcxMDk3OTU4NA.GJ451F.r77u2gru79ROz_Fr4eZeiUxMHeFR-vOBN8WSeE
server_id
1209487993325359134

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2288	Shiba.Gold.Cracker.By.DoomMonkey.exe

C:\Users\Admin\AppData\Local\Temp\Shiba.Gold.Cracker.By.DoomMonkey.exe
"C:\Users\Admin\AppData\Local\Temp\Shiba.Gold.Cracker.By.DoomMonkey.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2288

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2532

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Desktop\AssertRequest.ico

Filesize
370KB

MD5
d9501daf543e93fb029462f04f0c601d

SHA1
c630d9e59abc234900e75f463646526b98d9f803

SHA256
8305f5db86ff5de107dae5a9cbc8033c73510c2e4729e0223d5631044c4b7d89

SHA512
5acdff8fb9f9ee84fc41b94373b8652a2e5a2e73f0b06b4fbd9ef07034c65708ec7c43e544349b8da61a690e84c65635e4fb24ffcba7893a50c77984ddfa40a8

Download Submit
C:\Users\Admin\Desktop\BackupExpand.wdp

Filesize
557KB

MD5
196e3d58b2bbf3cef622548f0fbc3c69

SHA1
70679c258811658e46e98bbcfdb26963dac591a5

SHA256
7c9966a42b8ee6ae1ba536bb3f7d6365ba3ba1c76efcf73c903fc3f65b1aea4b

SHA512
eaa50fc6dba0affc47780298c5d9a00777e2b0e303227e62b0aff515b464b1214ac9af466a8a7b010b459cf353dd15d9068b5ef56e7be67f2caa91fcca61949e

Download Submit
C:\Users\Admin\Desktop\CheckpointFind.reg

Filesize
208KB

MD5
4e9dc2f9878a681eda93c808acf12a02

SHA1
539cc7434620bbbdadbee5b0d08e96de41066f92

SHA256
4ab092c1dd47d2f6a01ef4bd3d75f80dccc5662f151833099a8790745e2dbc61

SHA512
a09004a67cc1b7910b11f6933432f2d4d1c1772024bb3bac6d44213ae7670e88d11b32aee85672b0dffbb3856a7d0467315603daff9b7c3a2142204c5417f869

Download Submit
C:\Users\Admin\Desktop\CompleteImport.ppt

Filesize
337KB

MD5
3288e4851f57d4d888b669d32a61806d

SHA1
635b82256f492f11436fe9b887d4e4e57cb5a17e

SHA256
264625e3da22702cbeddff814d7ec9a5f37ab0cae41dfd6e36409adafedf37d7

SHA512
e7e9a89661d1620bcfa417811c0e8996c02e3a24477b64124e433668a48e291ae8044521b7797360889fd8ce944ada3d298e204949a39310661905cbe957dd1f

Download Submit
C:\Users\Admin\Desktop\CompressPop.AAC

Filesize
356KB

MD5
3442b6224ec9dd800f27013ae038dcda

SHA1
7d65eec4285de47f91404de1a41b7bb590fc1d0e

SHA256
d59d7768e9f948b5ae91cfa3e837f7a6b6b45c089edf7b1fbc155d773854876b

SHA512
0006cf3f56b8f08c7491477cb0a5e03bcda1e919de62cb24742173ce50dc9caca46f685db9ce16265eb8cc3a7a30f577a2bf73d8aab04db1141c3b544a6f12c5

Download Submit
C:\Users\Admin\Desktop\ConvertFromRevoke.ppsx

Filesize
264KB

MD5
04382d6753f4e9dd4cfe58a94e68f7aa

SHA1
fe54ae5f3c5edd3ab2a06f93d332eea0a360eddd

SHA256
bbab63f01a0181cb3c0a71d610cc13aa7c540684b14802b4931dfb1a34da0997

SHA512
da7ab3cdb1cb4f4000d6345710ab3a9f9cdb1ba46f8f4d8e950cc0d9bd3836e5ea74da47caa4e5c4d90d43a60a614b6c6161a4e9d2d366fefe3cd28596ee5704

Download Submit
C:\Users\Admin\Desktop\DebugEnable.midi

Filesize
593KB

MD5
4a0bad2d90d58fcff41ec94e281925cd

SHA1
700b6da7292b7be56dd94b5cb240c5ef5511fb12

SHA256
6ed1023bba2e10ded977017b9894dafa4eaf7beafbb86137bd2d865df74d346c

SHA512
5206077bdac0dfeb2535a86eac339d2f7c7fe663a7563c09a5d5744ea55112afd9bcb477217ce62d3f67ce9b0eea57fc9c3025f8916ab7c8ffb80ec167d0207a

Download Submit
C:\Users\Admin\Desktop\DebugRestore.crw

Filesize
429KB

MD5
1be1d30c364198c6067aff2cba9273f3

SHA1
924e90df2ca18dbf4534b1a36d903095964ab639

SHA256
a0dff4af063e87f6f51bf59bca2a82601950ff181d1946ecb08542ad529548b4

SHA512
3ad1a62171497e36ef0cfc554ead55f4c50b12d0388b763325273bce9fcbd1522aa7307dca33ddfaef9b129aeeecc3967a1af39073be8713d921245266aaed6c

Download Submit
C:\Users\Admin\Desktop\EditProtect.rmi

Filesize
431KB

MD5
08a0e9f97ece668e6b01e6de511abbe5

SHA1
d336ade8a6cb5e0c950011865757c458a23eda3b

SHA256
018d0a9960e5394032b200a7ce6feb7edb3928b04fad77187e5b3ad477e90610

SHA512
fc5c252c2cfd0c48043266834ccfa632ac3c2db3df3f68f2918a2297c356ff3a01ce5f1cba4b0fc580d3e94df7ea00e8ad997b46066eb996bd4e92582f8320e0

Download Submit
C:\Users\Admin\Desktop\ExitRevoke.ps1xml

Filesize
189KB

MD5
c3f0cd6366a5fd290bce49b1f8b33f55

SHA1
9666ee26b9e1909afc0a8c19036352307aa21676

SHA256
4b1497613f81d8efc7dc11ca690cac2728a85b9dc7d6c895bdce21ce90fdb835

SHA512
d732389b54cd4bf182b46698fde2045d619bbba3437d41598a8a26f6b8d6053308023dcf36947969235a11ed30bdc83496cd6d40d7b10ce668f64305f483e5c9

Download Submit
C:\Users\Admin\Desktop\ExportRestore.exe

Filesize
538KB

MD5
70aced1921038ae87b52e26e2063033b

SHA1
390c99cc39cde876e7ab873ef85ef80d656b8d35

SHA256
42fb366efbb9b328f2a44d0efe71b5e9ddeb0e9240e2ee4080e6ecbfe2feae55

SHA512
105f442e1abd33a4ef93016c6eb86c1efeaaf68d88ef323d394c4d29be9841b783d5cecfdc15616a7bd2a07596fec1cded17e3157ea4c444e3bfcb1fc531d61b

Download Submit
C:\Users\Admin\Desktop\InvokeSkip.css

Filesize
301KB

MD5
dcf3f97afeb4f4299c4ac96192a7eb0d

SHA1
1864a7411644dd8e0f6e81a80b1e33ce4b1d42d5

SHA256
dcae27222c1674c96a32061670773ac7485b0135e115dc7e76701fa1e7dbba7a

SHA512
d4e3df45834e409eac95da134e17f0d49447081a026d3211d8479d0046e0d251fafdba32d4b6bc9e2cc8c00bf2fee3b2cb1d40977cfa2c96393bc3022ac4e359

Download Submit
C:\Users\Admin\Desktop\Microsoft Edge.lnk

Filesize
2KB

MD5
15cc0ddcbd0b2b85922a197e8e10d9bf

SHA1
6aee5d8a94dce878b3bcb7ff978f9aba20cbe371

SHA256
a7c8db03978b0ea7540dcf97510fce70ee49960a453aafc4b2924e7908f7496d

SHA512
49d41b34863ce6fb1fc252f251d7a75aa46c40c04e347458b0d105dcaaf81db257c42279c980cd749c4322c1bf98dc1d660c0203c4f6560d0701bee90212b5fe

Download Submit
C:\Users\Admin\Desktop\MoveConfirm.TTS

Filesize
283KB

MD5
c6b41a6be802f3c54daf4cd835d5718f

SHA1
a394754bd4ae37f7ea71bbfeca1d7a098eec6440

SHA256
08b0be5e861f35ee592f2bb407a2d9fa3a439793a26e8e57c162d7d273bb9a17

SHA512
9cd82a1817de9d079243b5ce131027699008b609b24536b91004137100ab713acb26d032d7a53e1df7c870bd93fec8e657bd71a9bbc7a270e6e5f9ffcdcf2b4f

Download Submit
C:\Users\Admin\Desktop\OpenGet.001

Filesize
581KB

MD5
8331e10e812a1b96779401c7efcf8248

SHA1
6b9d33341b0a9597aa9ef50e8e48a6b61a2e9444

SHA256
337b4800d5dabf8e2ad3a13d1e44b831de8cf084297f4bfbb8d5e82ac66d54dc

SHA512
6b0cfd1af074f20c2a0d3b12b81488016d409514e6a33eb15223f45a785c88e274bb6cb8b3983922fd7265405ad4dd0ea62b211547f502949d6dde8695b8a820

Download Submit
C:\Users\Admin\Desktop\PingCompare.m1v

Filesize
197KB

MD5
9c599e86a455b0e802f64a073e137e5f

SHA1
54f773849ddd9f5c1867f92a3117191ee824007d

SHA256
f71cdd1606913dde5cd01742f1d98a0944a98b69c6be7bcd531d58eeb8c5e679

SHA512
6fd345fb8979ec05146ba2e93b78f8997f7374c26280886bff9be389a7a1cfd2bf4dfa5f7778f04d478c020ea9259d11d38a60c4b103c828e0a7c40b4a548557

Download Submit
C:\Users\Admin\Desktop\PopSet.rtf

Filesize
573KB

MD5
0dd58078e07241f7485c4694e2fb832e

SHA1
90b81a6a9b15b807ac7bbf7198e750b81121c4d8

SHA256
59420beaa77d06e98b3d325e694f997370f95df49d4ce8ffb349c534943bbe0e

SHA512
420785819effb67c9ff9e8e01025fca740be13eb7fb3e97b0b2c537fbc2f7b02bd7a617773a468775d0b400cf1b0c66c115a3d9d6dabc68968e17aef59f4deb1

Download Submit
C:\Users\Admin\Desktop\PublishGet.ps1xml

Filesize
379KB

MD5
c56b091e5ae8d1c023ff30c62cea538b

SHA1
96abe8b3e9c1db5ca9b3a4f2f562f1cb63c3670d

SHA256
2db599268b17eba3324f605b9cc540e6e49a0f275f182cd66b2cd6920551964b

SHA512
b06422abf146a7a3b6c2f6504d951fe1a545f5a1f28f35292e3bec1babc5ba229df4795245747cfa41d35f42cbf4447e32fb129b2c885444db336a0eb978e4d6

Download Submit
C:\Users\Admin\Desktop\PublishResume.ADTS

Filesize
410KB

MD5
36c0bf5198385ad8e35a69579439c49d

SHA1
b8c9e7b2dc0a6be6c3f3ea79e5497414ff5c82a5

SHA256
48c80daad6dc4960f28332ff393b6c195c07d0b63ac6aab5aa040e68918ade95

SHA512
97566e3932b89e7bd67a582b8fb90091c84e3a1aa013f4152b99111a966d283414f7732414464e2ed7e21c96cea3576bafd00bded20c9278c8f9138b09ed78e5

Download Submit
C:\Users\Admin\Desktop\RequestOut.AAC

Filesize
319KB

MD5
bb2679382c9cbe32603c23ed23376984

SHA1
dee036920d1707f4166cc3df03a8bc167c06bf16

SHA256
6641169552f863e51a21715ac4321eab7df029e3238eed22e8e86f1ed2f66b92

SHA512
6a92a611bfe7c0488792e44a21c0ee402474168d3bd1f295f991057ca05424abbed0f6c5ef4141c906222ba4a9aaa24749c801f901b102e9689075d3f9703118

Download Submit
C:\Users\Admin\Desktop\SaveUse.eprtx

Filesize
471KB

MD5
da4769f8debaa7420d5fc87ed166d14f

SHA1
3a14dff066bb0b59bc4d8fd3710358ed338b974e

SHA256
ae633a93f0e4ff756769b693fb2b5c274912bf59d18d1791cb2a9653c3c00afc

SHA512
62605dcfa439c9a37e49b611a9be6f9b58d66ae7e9d1fe9179f84a3090ee229ee34f972f1a96900f420bb0dcbba0fbcb0238d7a72cf53511ae06ffdacbe4906a

Download Submit
C:\Users\Admin\Desktop\SearchOpen.mp3

Filesize
374KB

MD5
fb0b95886f90257026b3306eb230537b

SHA1
78579f2d2c2ad590b7c3c31d8205d83e6f1c4748

SHA256
8d90392cbaea2fa84138d22b7556fc385bd6d75e6ad6de00893ee0b737313fd3

SHA512
2253ea0ec8f7bb778b7720b768575188a394db460547cb1d6a0c63613890ae73e0eae9af79d46e29bab3933cef67f0754d68ebc3079a80fc0eafd58e31bd5612

Download Submit
C:\Users\Admin\Desktop\SuspendSplit.M2T

Filesize
199KB

MD5
4bab9f695d70e687672df12ebb188dce

SHA1
d77e19794738b8e04dd8990d6a5009ba79f960cb

SHA256
fb5e8203e30b9ba2b5b7c680b5c9776c9c7ddc8e289044f869b0e58dc4d94417

SHA512
c94b7edd2fe1d96b2c93d7e039df6899f1602cc64589bd527a1709ec722c234dd94f91f269188fcb81929dc10412e1bc9646dad12a83188919e9ec5b8ad7e9f7

Download Submit
C:\Users\Admin\Desktop\SyncSend.ppt

Filesize
423KB

MD5
473b9700c6df2317bcc0967ad906a7f5

SHA1
012c69feb1ebab24b48d31b64e8c77ef26555cc1

SHA256
eb1d6c56234600a7bbf7bec464f22a6c810dac277875ab28194dd041a43525b5

SHA512
6dd558013dc2a15877ad377b200a65e4a9db2fd67ee537e3b7f7a3b4450dee928bf9d802a50487c21cc29692cc15eb854dd2dc9ab09b395c1a8dedc644c794fb

Download Submit
C:\Users\Admin\Desktop\TraceEnable.mht

Filesize
140KB

MD5
db3065ca228d01d2bb1bd73aacf7b5eb

SHA1
6a80532943501d882e60729f2d8a854853c405d0

SHA256
ce7391d3214724da5f3e9573e39595fcdf834ec629be0eee0d5e8ed0ae44e09f

SHA512
d0015a329282f91a0dc89259092442c69d0a39742adcfe5c83077becd034ab9e4edcce02d802b3b50c03925d16570521a6d8d5dbbaaf7bcd84448d3ed5851282

Download Submit
C:\Users\Admin\Desktop\TraceMount.rtf

Filesize
526KB

MD5
c00077c0f45b913d2200592c201d8d19

SHA1
458adfe38880cccb86c32b611be4454e5589b43a

SHA256
fdd1df441a4dcbf4de2d9986c0bcda633bf3f2aff1a1d982dc6f51928ae8dc69

SHA512
a4f2a9f6393a01fce50240d5e1245efd182974710353697fc1e4a629358f9bf1877ba8f891d77142eb7af951bd25cb01838c771ed42d7ac77bf73d98cfdb658f

Download Submit
C:\Users\Admin\Desktop\UnblockClear.m3u

Filesize
392KB

MD5
a9e5aaf08105f0193cafb8dc4eccd2df

SHA1
90aab37be6b970aac77a5704642b7ffc130e7437

SHA256
6d6c306d6b53673c6eb8a13238975467419f4a830bc7752a6aeacc792cee1fca

SHA512
e18ff39fc2aeece29e9af224fa90f328705c46399bd034d0d89e87e435fbf8d27b74fd453d49f8543dad5930ddb0923ae3ef98ebbfb49987a15bd50b67f6a921

Download Submit
C:\Users\Admin\Desktop\UnpublishReset.svgz

Filesize
347KB

MD5
e2febfcea6fd00313fb9ebc47bc3e130

SHA1
d51977959fdfd6f3f95217295fb827d32ceead77

SHA256
e310ef69a7a47cbc3b58717202bc9c6dc31ff50975c4732201be8e4d90d672da

SHA512
8dad04c10c3c98874c3fc8fec91da49082bafe5409ea5f89494858c8a9ad8b5a8ab31a48228a49bddf8458b46b8af0b483f57fa0d148cbd620765f73b57cc5c3

Download Submit
C:\Users\Admin\Desktop\WatchJoin.M2V

Filesize
273KB

MD5
d2838c411974c472c720b6b3ff645772

SHA1
87312b5660e1f06f911309caab3f5e05ec1553c7

SHA256
ac6c9529e1dd2661a145d3a2417590aba4de69f26437eff51e5cb3e9e1da2e26

SHA512
ae389b4048f6dbfb594c33e737849d4088b5ce1fe730450f999a4feca4575f694e295bef26cc0020b538068557eb4544e587df9ac3d8a83b1f36c8f274292da0

Download Submit
C:\Users\Admin\Desktop\WatchRequest.dwfx

Filesize
204KB

MD5
003213772b86155883672a2bcee82984

SHA1
bfe280ef7372a0a4bf9662997e09084526b7bb9b

SHA256
d9d4c56097d06e78c7df194eab96a3aef8b565b858cb1a3090878216dab58599

SHA512
0727b6c8c89aa0ac4d32fe63133faa2b4261e50b0f5a43a1bd4ecf96b6107c48fdbfe7c6169196160aece5d775f55d28bf427e74f5abe46814530376eb1e84dc

Download Submit
C:\Users\Public\Desktop\Acrobat Reader DC.lnk

Filesize
2KB

MD5
96d30c4077a0b5aa52587d4e566d8f6f

SHA1
dcdd1c28601ebad43ce05ab8d141d2e264e1b4c4

SHA256
634d095dcc955ec3a1cd210b38b48c0e598e99d38b2fdd2a71ab597834af920b

SHA512
2995b041a51bb2dae6740f71d83f6c9543c63d5de5ae54f02e568bdf22068caf14cb0678257ac5b2b3601fba4816bbfc1fc5a6d40f9a495b44ca0ccd74c692a6

Download Submit
C:\Users\Public\Desktop\Firefox.lnk

Filesize
1000B

MD5
f01714b600b650efd5c1d62528d63dd4

SHA1
b83e0cb821efdd4500988a6c593144b32ae9495c

SHA256
739ebc9bb54eaf9bfc069299b63544695aea8cfeb90987551c0f221c1f0a176f

SHA512
44049795707629d6b9e1aa6e004bd22dca70a43316d04665a83fa1088bc843c2fc952984c2be4c6d2e18358a66f483eb1f9e3aefe30bf5dd6573c4bb3af2d1be

Download Submit
C:\Users\Public\Desktop\Google Chrome.lnk

Filesize
2KB

MD5
1bfdb4d9e70e9d8f97eed112adea337e

SHA1
ff3273d476cd65103ab788a84fd7150e0dd96f7a

SHA256
440f2a52f313445a6bef159b48ff3c51056cb1b78e06d60e6b00c26134b744b0

SHA512
f510b908d1d3d82f0a0b0780c5ad3a7eb5e5392ca61f64a1c752592c484ba4f13c61b49fdd699a6440d65ce438c9fcd71bf5b93c4f79d5d33a0cfda693214af0

Download Submit
C:\Users\Public\Desktop\VLC media player.lnk

Filesize
923B

MD5
c8da7f85b2a9edfc0efd4bc03704a835

SHA1
9d033091a1ab9227de06e80cfc480d547bbabfbe

SHA256
4821d2a1dee8a40d3c9c565db31724f486a1ab6a1089be553c0caaeb69a73553

SHA512
625fe3006719ccd15188fe30972aeb8f65f96efeebc2762a192ceb1abde2e557bf617a6c42e22fd97a39a77bb32ab55bbdc550ef64cfc221821854e5a3956def

Download Submit
memory/2288-1-0x0000025873400000-0x00000258735C2000-memory.dmp

Filesize
1.8MB

Download
memory/2288-2-0x00007FFEC8710000-0x00007FFEC91D2000-memory.dmp

Filesize
10.8MB

Download
memory/2288-3-0x00000258732C0000-0x00000258732D0000-memory.dmp

Filesize
64KB

Download
memory/2288-0-0x0000025870D50000-0x0000025870D68000-memory.dmp

Filesize
96KB

Download
memory/2288-4-0x00000258746D0000-0x0000025874BF8000-memory.dmp

Filesize
5.2MB

Download
memory/2288-39-0x00007FFEC8710000-0x00007FFEC91D2000-memory.dmp

Filesize
10.8MB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads