General

Target: Discord-RAT-main.zip
Size: 16KB
Sample: 240326-sxdkbsgc5s
MD5: 1136e26cf7cfb59e090cb9b2f002a2e5
SHA1: e8f046d776e6d0d7a16c32f8151aabc027ad4cf0
SHA256: 55dcaab1b8397b60f36a3eaa40f5d53cb9dc21a718f1583cf6db3765cdde9fc9
SHA512: 6636ad2292b69594aaa284a4916f21fb4c6f29204167e545a1a54ba701a09c20bba99bb7fe8fb8b32301bc81e7e811e81dee65505918f0e002b937869cd97af4
SSDEEP: 384:tEFzvKj3TskSLlAFYGAP+tSIvtVF49jBLoDiX3:tEF+j47+FYGDtSIzGj1oDiX3
Static task: static1

Behavioral task: behavioral1
  Sample: Discord-RAT-main.zip
  Resource: win10v2004-20240226-en

Behavioral task: behavioral2
  Sample: Discord-RAT-main/DiscordRAT.py
  Resource: win10v2004-20240226-en

Behavioral task: behavioral3
  Sample: Discord-RAT-main/README.md
  Resource: win10v2004-20240226-en

Behavioral task: behavioral4
  Sample: Discord-RAT-main/requirements.txt
  Resource: win10v2004-20240226-en
Malware Config

Targets

Target: Discord-RAT-main.zip
Size: 16KB
MD5: 1136e26cf7cfb59e090cb9b2f002a2e5
SHA1: e8f046d776e6d0d7a16c32f8151aabc027ad4cf0
SHA256: 55dcaab1b8397b60f36a3eaa40f5d53cb9dc21a718f1583cf6db3765cdde9fc9
SHA512: 6636ad2292b69594aaa284a4916f21fb4c6f29204167e545a1a54ba701a09c20bba99bb7fe8fb8b32301bc81e7e811e81dee65505918f0e002b937869cd97af4
SSDEEP: 384:tEFzvKj3TskSLlAFYGAP+tSIvtVF49jBLoDiX3:tEF+j47+FYGDtSIzGj1oDiX3
Score: 1/10

Target: Discord-RAT-main/DiscordRAT.py
Size: 64KB
MD5: 98f641fd90d3bffccc894bf9b4a7036b
SHA1: 097eedccb52c0d6b5426eeb5a6828ced8c10616e
SHA256: 38561c9daca6214886b46e33a3f9fb50886f0d4a2701ebc47ff2802dfc27c4d3
SHA512: cce7c0aa17c305ea1c9b6672312ac2a33c2f65389fcf9b940dba89d4c8323933c5706a3db64e51d84683187318a52ed619adc48321a74331e5e5a3c4746b9c46
SSDEEP: 768:Wk5yDADDjyfRixoITvKQg4BvJ4BfKvnrpjAWoa94sRc5f1Ir6YIKIkEtYnOfXcWg:WkIAvj0R4vKQ3jJgsDHg4OftV2NE9c
Score: 8/10

- Downloads MZ/PE file
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Registers COM server for autorun
- Adds Run key to start application
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software installed on the system.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2

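Several of the signatures reported for DiscordRAT.py describe registry activity: reading the configured country code, enumerating Uninstall entries, writing a Run key and registering a COM server. The following is an added example, not code from this report or from the DiscordRAT project: a Python triage helper that maps registry events from an endpoint sensor onto those signature names, so an analyst can check which of the reported behaviours appear in their own telemetry. The event shape and the operation names are assumptions modelled on Sysmon registry events (Sysmon does not log registry reads, so QueryValue and EnumerateKey stand in for what an API-monitoring sandbox would record). The key paths each signature is mapped to (HKCU\Control Panel\International\Geo\Nation, ...\CurrentVersion\Uninstall, ...\CurrentVersion\Run, HKCU\Software\Classes\CLSID\{...}\InprocServer32 or LocalServer32) are the editor's reading of the signature descriptions, not the sandbox's own rule logic, and every event, path and GUID in SAMPLE_EVENTS is constructed.

```python
"""Map raw registry activity onto the report's behavioural signature names.

Added example, not code from the sandbox report or the DiscordRAT project.
Event shape and operation names are assumptions modelled on Sysmon registry
events (EventID 12/13); "QueryValue" and "EnumerateKey" stand in for the
read operations an API-monitoring sandbox would log. All events are constructed.
"""
import re
from collections import OrderedDict

# Constructed registry events (not taken from the detonation). The CLSID GUID
# and the file paths are invented placeholders.
SAMPLE_EVENTS = [
    {"pid": 4120, "op": "QueryValue",
     "path": r"HKCU\Control Panel\International\Geo\Nation"},
    {"pid": 4120, "op": "EnumerateKey",
     "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"pid": 4120, "op": "QueryValue",
     "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
             r"\Python 3.11 (64-bit)\DisplayName"},
    {"pid": 4120, "op": "SetValue",
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Discord Update",
     "data": r"C:\Users\user\AppData\Roaming\svc.exe"},
    {"pid": 5008, "op": "SetValue",
     "path": r"HKCU\Software\Classes\CLSID"
             r"\{0FB98A2D-59A1-4A44-9A63-7C2A2B1F3C4D}\InprocServer32\(Default)",
     "data": r"C:\Users\user\AppData\Roaming\helper.dll"},
    # Benign noise that should match no rule.
    {"pid": 5008, "op": "QueryValue",
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer"
             r"\Shell Folders\Desktop"},
]

# (signature name from the report, operations that count, key-path pattern).
# The key paths are assumptions about which registry locations each signature
# describes; the sandbox's real rule logic is not published on the report page.
SIGNATURE_RULES = [
    ("Adds Run key to start application", {"SetValue"},
     re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)),
    ("Registers COM server for autorun", {"SetValue"},
     re.compile(r"\\CLSID\\\{[0-9a-f-]{36}\}\\(InprocServer32|LocalServer32)(\\|$)", re.I)),
    ("Checks installed software on the system", {"QueryValue", "EnumerateKey"},
     re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I)),
    ("Checks computer location settings", {"QueryValue"},
     re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)),
]


def match_signatures(events):
    """Return {signature: {"count", "pids", "paths"}} in first-seen order."""
    hits = OrderedDict()
    for ev in events:
        for name, ops, pattern in SIGNATURE_RULES:
            if ev["op"] in ops and pattern.search(ev["path"]):
                entry = hits.setdefault(name, {"count": 0, "pids": set(), "paths": []})
                entry["count"] += 1
                entry["pids"].add(ev["pid"])
                entry["paths"].append(ev["path"])
    return hits


def persistence_targets(events):
    """Binaries that persistence writes point at; hash these against the report's IOCs."""
    targets = []
    for ev in events:
        if ev["op"] != "SetValue" or "data" not in ev:
            continue
        for name, ops, pattern in SIGNATURE_RULES:
            if "SetValue" in ops and pattern.search(ev["path"]):
                targets.append((name, ev["data"]))
    return targets


if __name__ == "__main__":
    for name, entry in match_signatures(SAMPLE_EVENTS).items():
        print(f"{name}: {entry['count']} event(s) from pid(s) {sorted(entry['pids'])}")
        for path in entry["paths"]:
            print("    " + path)
    for name, binary in persistence_targets(SAMPLE_EVENTS):
        print("persistence target (" + name + "): " + binary)
```

To run it against real telemetry, build the same dicts from a sensor's registry records (for Sysmon, the TargetObject of EventID 13 with op "SetValue" and Details as "data"); the Geo/Nation and Uninstall rules will only fire if the sensor also records registry reads, which Sysmon does not.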
Target: Discord-RAT-main/README.md
Size: 6KB
MD5: b05f8ca88910460b157f35773f0a7b9a
SHA1: 6c7a2161f7531208978f13a4e808e456633efc4d
SHA256: 7bcf581243f00118ef432cf56a02f2bdf1688d5634fb7e98e15693acf51036c3
SHA512: 8e934a076bf6e0bf19e71b1095fee234f0461365f3f146920d76fbde98462bcee2cd7b7f22d8391b213b6141a7c3f0dbaa00dee9dbe912fcb0dcc590013f235c
SSDEEP: 192:XlWng5OPaDANHjiuEAYTgzC/29+dA7zi/br:XjEMmeA2gOK8
Score: 3/10

Target: Discord-RAT-main/requirements.txt
Size: 138B
MD5: 9aa04de5737143b418ec79495a20bdac
SHA1: b284af89a563c421129b2e36d2fc56a2d614a37f
SHA256: cca7f0708ade3c69a1c0f947279798f5e0753752aa4c668a498e4e62fc7c083e
SHA512: 2afa0bc7fe2017dbb2d58848aebb1d73a57e9d745f2bdda79e34689191a25f090899760e4b45e43edae41b63bf19c97b97bc4539ffc927953d22c8772edc2872
Score: 1/10