Overview

overview

10

Static

static

3

qr.scr.exe

windows7-x64

10

qr.scr.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240319-en
  • resource tags

    arch:x64arch:x86image:win7-20240319-enlocale:en-usos:windows7-x64system
  • submitted
    23-03-2024 22:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    qr.scr.exe

  • Size

    589KB

  • MD5

    e258820afbaf4806a0af98130aa7e188

  • SHA1

    8384adb56549bb90f45feda7f61cf5f316a2e7b5

  • SHA256

    41bfb9975a07c647313b8211c9096fd42c379ef1ab8aa55cf8754903636d57cd

  • SHA512

    bfa53fab0079710ebad1fc05aec58f29a85f5f029b21a07f126d51858ea9ab93cc2467408a96ac761d3b01b3d5636763f6a8446f4830d2c665d7a246e4c40d86

  • SSDEEP

    6144:vE+yclwQKjdn+WPtYVJIoBfnrI3Yraa41Uhmt+5jh4b+wmN:vBdlwHRn+WlYV+mOYrf8U0U16iws

Score
10/10
discordratpersistenceratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTE2NTU4OTMzMjMxNzQ0MjEwOQ.GJEVtK.uFJuCXP9hMLmxL5S40swC_tXrG0HdGoTZYWDxI

  • server_id

    1162644088261193840

Signatures

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\qr.scr.exe
    "C:\Users\Admin\AppData\Local\Temp\qr.scr.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2168
    • C:\Users\Admin\AppData\Local\Temp\RarSFX0\qr.exe
      "C:\Users\Admin\AppData\Local\Temp\RarSFX0\qr.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:2560
      • C:\Windows\system32\WerFault.exe
        C:\Windows\system32\WerFault.exe -u -p 2560 -s 596
        3⤵
        • Loads dropped DLL
        PID:2636
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
    1⤵
    • Suspicious use of FindShellTrayWindow
    PID:2136

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\RarSFX0\qr.ico
    Filesize

    223KB

    MD5

    f7b79586fa0fd87f757302e947b07550

    SHA1

    75dc2e743ae79b2ee0350cd8086974eda23b3e17

    SHA256

    0bc6f95b9438ef6a557beb35cd48d77bde265751db2a06273ae71b3ad008798f

    SHA512

    ab56dd548d53ee77ccc30ab38e34f3d717ece5953a90334af819a818b573d5a1bfcf58fb661bd2883784ef8be05408edd1e8a1c1cd135d71dd05862f44af3dda

    Download Submit

  • \Users\Admin\AppData\Local\Temp\RarSFX0\qr.exe
    Filesize

    302KB

    MD5

    f8c5bb2e9929c86865c291de2b71ae6e

    SHA1

    fdf6e43b696308f60f13e3b96d0482d3634992b6

    SHA256

    271ed5f4d469576ac832f8b8f6734168a986619f3f0aebb1747efe583381ead2

    SHA512

    c46dfb27428ac80bec7cd09d82aa65c59e343a73849965149275459fd5ee113c21d3bb744d41c1a93725e8ced8b22270891db055376a00136a59686365393fa4

    Download Submit

  • memory/2136-5-0x00000000000B0000-0x00000000000B2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2136-6-0x00000000001C0000-0x00000000001C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2136-23-0x00000000001C0000-0x00000000001C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2168-4-0x0000000002380000-0x0000000002382000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2560-13-0x000000013F2F0000-0x000000013F340000-memory.dmp

    Filesize

    320KB

    Download

  • memory/2560-15-0x000007FEF52B0000-0x000007FEF5C9C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2560-16-0x0000000000870000-0x00000000008F0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2560-22-0x000007FEF52B0000-0x000007FEF5C9C000-memory.dmp

    Filesize

    9.9MB

    Download