Overview

overview

10

Static

static

1

URLScan

urlscan

https://github.com/l...

windows11-21h2-x64

10

Resubmissions

01-04-2024 18:21

240401-wzcycsbe5v 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    https://github.com/lol85d8dgdn/Codex-Desktop

  • Sample

    240401-wzcycsbe5v

Score
10/10
discordratevasionpersistencepyinstallerratrootkitspywarestealerupx

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTIyMDY0MzYwODQxMjE2MDAxMA.Ge1Fhs.84aw5Zz6uV1m46CZnxOPlt8EIXrX82Y43FlVEw

  • server_id

    1220127684227498034

Targets

    • Target

      https://github.com/lol85d8dgdn/Codex-Desktop

    Score
    10/10
    discordratevasionpersistencepyinstallerratrootkitspywarestealerupx

    • Discord RAT

      A RAT written in C# using Discord as a C2.

      stealerrootkitratpersistencediscordrat

    • Enumerates VirtualBox DLL files

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks