General
- Target: valda v2.zip
- Size: 28KB
- MD5: a9fb0449c9190cc1bb6952ca79317c97
- SHA1: 83dce1f5a9c255ed29c2528726845240679ef10b
- SHA256: 460564621b507475734b2a611fa42f067369035690ec084984f2dbea090351f3
- SHA512: 0e63a4f9b183b284ecc00a2f5e32a1d7c173afe32b07e7fcd724350ae2b797ef34de43f133878b651571dc71c9c875ef95da175472edc8de6578a6603da590ad
- SSDEEP: 768:V5lz6yZDgr9OtA8dozAWJNVXBR0th3aGcj:Vd2rzRX+Hcj
Malware Config
Extracted
- discordrat
- discord_token: MTE1ODIxMTc5NTMxNjY1ODMxNw.GzjGk7.2SujvjhAUZu7jk24QurgwgWy2v1Z9x506i36ZY
- server_id: 1158211854598938627
Signatures
- Discordrat family
- Unsigned PE (1 IoC)
  Checks for missing Authenticode signature.
  resource unpack001/valda/ValdaX.exe
Files
- valda v2.zip
- valda/ValdaX.exe windows:4 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
.text Size: 76KB - Virtual size: 76KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ