Resubmissions

26-03-2024 15:29

240326-sxdkbsgc5s 8

26-03-2024 15:28

240326-swfy3adb46 3

26-03-2024 15:27

240326-sv4czadb38 3

General

  • Target

    Discord-RAT-main.zip

  • Size

    16KB

  • Sample

    240326-sxdkbsgc5s

  • MD5

    1136e26cf7cfb59e090cb9b2f002a2e5

  • SHA1

    e8f046d776e6d0d7a16c32f8151aabc027ad4cf0

  • SHA256

    55dcaab1b8397b60f36a3eaa40f5d53cb9dc21a718f1583cf6db3765cdde9fc9

  • SHA512

    6636ad2292b69594aaa284a4916f21fb4c6f29204167e545a1a54ba701a09c20bba99bb7fe8fb8b32301bc81e7e811e81dee65505918f0e002b937869cd97af4

  • SSDEEP

    384:tEFzvKj3TskSLlAFYGAP+tSIvtVF49jBLoDiX3:tEF+j47+FYGDtSIzGj1oDiX3

Malware Config

Targets

    • Target

      Discord-RAT-main.zip

    • Size

      16KB

    • MD5

      1136e26cf7cfb59e090cb9b2f002a2e5

    • SHA1

      e8f046d776e6d0d7a16c32f8151aabc027ad4cf0

    • SHA256

      55dcaab1b8397b60f36a3eaa40f5d53cb9dc21a718f1583cf6db3765cdde9fc9

    • SHA512

      6636ad2292b69594aaa284a4916f21fb4c6f29204167e545a1a54ba701a09c20bba99bb7fe8fb8b32301bc81e7e811e81dee65505918f0e002b937869cd97af4

    • SSDEEP

      384:tEFzvKj3TskSLlAFYGAP+tSIvtVF49jBLoDiX3:tEF+j47+FYGDtSIzGj1oDiX3

    Score
    1/10

    • Target

      Discord-RAT-main/DiscordRAT.py

    • Size

      64KB

    • MD5

      98f641fd90d3bffccc894bf9b4a7036b

    • SHA1

      097eedccb52c0d6b5426eeb5a6828ced8c10616e

    • SHA256

      38561c9daca6214886b46e33a3f9fb50886f0d4a2701ebc47ff2802dfc27c4d3

    • SHA512

      cce7c0aa17c305ea1c9b6672312ac2a33c2f65389fcf9b940dba89d4c8323933c5706a3db64e51d84683187318a52ed619adc48321a74331e5e5a3c4746b9c46

    • SSDEEP

      768:Wk5yDADDjyfRixoITvKQg4BvJ4BfKvnrpjAWoa94sRc5f1Ir6YIKIkEtYnOfXcWg:WkIAvj0R4vKQ3jJgsDHg4OftV2NE9c

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Registers COM server for autorun

    • Adds Run key to start application

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

    • Target

      Discord-RAT-main/README.md

    • Size

      6KB

    • MD5

      b05f8ca88910460b157f35773f0a7b9a

    • SHA1

      6c7a2161f7531208978f13a4e808e456633efc4d

    • SHA256

      7bcf581243f00118ef432cf56a02f2bdf1688d5634fb7e98e15693acf51036c3

    • SHA512

      8e934a076bf6e0bf19e71b1095fee234f0461365f3f146920d76fbde98462bcee2cd7b7f22d8391b213b6141a7c3f0dbaa00dee9dbe912fcb0dcc590013f235c

    • SSDEEP

      192:XlWng5OPaDANHjiuEAYTgzC/29+dA7zi/br:XjEMmeA2gOK8

    Score
    3/10

    • Target

      Discord-RAT-main/requirements.txt

    • Size

      138B

    • MD5

      9aa04de5737143b418ec79495a20bdac

    • SHA1

      b284af89a563c421129b2e36d2fc56a2d614a37f

    • SHA256

      cca7f0708ade3c69a1c0f947279798f5e0753752aa4c668a498e4e62fc7c083e

    • SHA512

      2afa0bc7fe2017dbb2d58848aebb1d73a57e9d745f2bdda79e34689191a25f090899760e4b45e43edae41b63bf19c97b97bc4539ffc927953d22c8772edc2872

    Score
    1/10
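The behavioural signatures listed for Discord-RAT-main/DiscordRAT.py (location lookup, Uninstall-key enumeration, Run-key write, COM server registration, drive enumeration) each boil down to a registry or file-system access pattern. The following is an added example, not part of this report or of the sandbox's own rule set: a small rule engine that replays constructed sandbox-style API events and raises those signature names. The event format (`<pid> <api> <path>`), the process ID, the GUIDs and the value names in the sample log are all constructed for the illustration; the registry locations (`Control Panel\International\Geo\Nation`, `...\CurrentVersion\Uninstall`, `...\CurrentVersion\Run`, `CLSID\{...}\InprocServer32`) are the well-known ones the signature descriptions refer to, but the exact matching logic is this example's own reading of those descriptions.

```python
"""Added example: replay constructed sandbox API events and raise the
behavioural signatures named in the Triage-style report.  Not the
sandbox's own rules; the log format, PID, GUIDs and names are made up."""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Pattern, Set, Tuple


@dataclass(frozen=True)
class Event:
    pid: int
    api: str   # e.g. RegQueryValue, RegSetValue, CreateFile (assumed names)
    path: str  # registry key/value path or file path as logged


def parse_event(line: str) -> Optional[Event]:
    """Parse one constructed log line of the form '<pid> <api> <path>'."""
    m = re.match(r"^(\d+)\s+(\w+)\s+(.+?)\s*$", line)
    if not m:
        return None
    return Event(int(m.group(1)), m.group(2), m.group(3))


_HIVES = {
    "hkey_local_machine": "hklm",
    "hkey_current_user": "hkcu",
    "hkey_classes_root": "hkcr",
    "hkey_users": "hku",
}


def norm(path: str) -> str:
    """Lower-case, unify separators and shorten hive names so rules are simple."""
    p = path.lower().replace("/", "\\")
    for long, short in _HIVES.items():
        if p.startswith(long):
            p = short + p[len(long):]
    return p


READ_APIS: Set[str] = {"regopenkey", "regqueryvalue", "regenumkey", "regenumvalue"}
WRITE_APIS: Set[str] = {"regsetvalue", "regcreatekey"}

# (signature name from the report, APIs that count, pattern on normalised path)
RULES: List[Tuple[str, Set[str], Pattern[str]]] = [
    ("Checks computer location settings", READ_APIS,
     re.compile(r"\\control panel\\international\\geo\\(nation|name)$")),
    ("Checks installed software on the system", READ_APIS,
     re.compile(r"\\microsoft\\windows\\currentversion\\uninstall(\\|$)")),
    ("Adds Run key to start application", WRITE_APIS,
     re.compile(r"\\microsoft\\windows\\currentversion\\run\\[^\\]+$")),
    ("Registers COM server for autorun", WRITE_APIS,
     re.compile(r"\\clsid\\\{[0-9a-f-]{36}\}\\(inprocserver32|localserver32)")),
    # root of any fixed drive other than C: (the report's wording)
    ("Enumerates connected drives", {"createfile"},
     re.compile(r"^[abd-z]:\\$")),
]


def detect(lines: Iterable[str]) -> Dict[str, List[Event]]:
    """Return {signature name: [events that triggered it]} for the log lines."""
    hits: Dict[str, List[Event]] = {}
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        p = norm(ev.path)
        for name, apis, pattern in RULES:
            if ev.api.lower() in apis and pattern.search(p):
                hits.setdefault(name, []).append(ev)
    return hits


# Constructed sample log (not real sandbox output); PID and GUIDs are fake.
SAMPLE_LOG = r"""
4120 RegQueryValue HKEY_CURRENT_USER\Control Panel\International\Geo\Nation
4120 RegOpenKey HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
4120 RegEnumKey HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{11111111-2222-3333-4444-555555555555}
4120 CreateFile D:\
4120 CreateFile E:\
4120 RegSetValue HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Updater
4120 RegSetValue HKEY_CLASSES_ROOT\CLSID\{00000000-1111-2222-3333-444444444444}\InprocServer32\(Default)
4120 CreateFile C:\Users\Public\readme.txt
"""


if __name__ == "__main__":
    for name, evs in detect(SAMPLE_LOG.splitlines()).items():
        print(f"{name}: {len(evs)} event(s)")
        for ev in evs:
            print(f"    pid {ev.pid} {ev.api} {ev.path}")
```

The rules deliberately key on the API class (read vs. write) as well as the path: a read of `...\CurrentVersion\Run` is ordinary enumeration, while a write there is persistence, which is why the report names the latter separately. The `C:\Users\Public\readme.txt` line and the `RunOnce` shape are left unmatched on purpose so the negative cases are visible too.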

MITRE ATT&CK Enterprise v15

Tasks