discordrat | fc48d2d5769056ae00368b0c6f458b7ac97e65998c76ba91541c8ec406f78280 | Triage

Submit
Reports

Overview

overview

Static

static

Venom Imag...config

windows7-x64

3

Venom Imag...config

windows10-2004-x64

3

Venom Imag...om.exe

windows7-x64

Venom Imag...om.exe

windows10-2004-x64

Venom Imag...in.exe

windows7-x64

7

Venom Imag...in.exe

windows10-2004-x64

7

Venom Imag...fig.py

windows7-x64

3

Venom Imag...fig.py

windows10-2004-x64

3

Sharing

General

Target

Venom_Image_Logger_v3.1.zip
Size

35.1MB
Sample

240407-hjq86afg84
MD5

3287663162eebd34e3f1d34db13ff017
SHA1

63b060fef4a9e441f1a364bb4645e34b090f4704
SHA256

fc48d2d5769056ae00368b0c6f458b7ac97e65998c76ba91541c8ec406f78280
SHA512

357da7f39810ef317dee0a878870540e739c4c377911b63286398907ff0687713916a43be1b413fc7385054c561d8753d614e432cb4d11fde0ae27241c054b85
SSDEEP

786432:CjpBzZxuXtii8qjNXay9RbbnJCEYWrgtcN:ypB1xuXtiiLjNXaoRbjJCEYWrgiN

Score

10^/10

discordrat empyrean persistence pyinstaller rat rootkit stealer upx

Static task

static1

pyinstaller empyrean

4 signatures

Behavioral task

behavioral1

Sample

Venom Image Logger v3.1/Venom-main/.editorconfig

Resource

win7-20240215-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

Venom Image Logger v3.1/Venom-main/.editorconfig

Resource

win10v2004-20240226-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral3

Sample

Venom Image Logger v3.1/Venom-main/Venom.exe

Resource

win7-20240220-en

discordrat persistence pyinstaller rat rootkit stealer upx

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral4

Sample

Venom Image Logger v3.1/Venom-main/Venom.exe

Resource

win10v2004-20240226-en

discordrat persistence pyinstaller rat rootkit stealer upx

windows10-2004-x64

12 signatures

150 seconds

Behavioral task

behavioral5

Sample

Venom Image Logger v3.1/Venom-main/dist/main.exe

Resource

win7-20240221-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral6

Sample

Venom Image Logger v3.1/Venom-main/dist/main.exe

Resource

win10v2004-20240226-en

windows10-2004-x64

6 signatures

150 seconds

Behavioral task

behavioral7

Sample

Venom Image Logger v3.1/Venom-main/src/config.py

Resource

win7-20231129-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral8

Sample

Venom Image Logger v3.1/Venom-main/src/config.py

Resource

win10v2004-20240226-en

windows10-2004-x64

3 signatures

150 seconds

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTIxODU0OTg5NjI3ODE3OTg0MA.Gth7Ad._9yVHP6c6O1_Ou788tvd-6Y6nGBkJoenuGkkls
server_id
1218545788821438475

Targets

- Target
  
  Venom Image Logger v3.1/Venom-main/.editorconfig
- Size
  
  158B
- MD5
  
  34972a6636960201f371fde437feeb61
- SHA1
  
  4c1cac0da96766a730ca654ac96b756489e7125b
- SHA256
  
  af6d40deee9e0a2bf5e5bd9e71f857dcdb5c81d5b453425da0616f202b4c679b
- SHA512
  
  952e3af7b03fa3f68e4cc18e77c3c7a7795c86a292fa1e0800dc2372e2111107324287f7d95fbae5e1d312d8809e1d84fcbbed9ed2ea1d96890b93f5775f3211
Score

3^/10
behavioral1 behavioral2
- Target
  
  Venom Image Logger v3.1/Venom-main/Venom.exe
- Size
  
  17.8MB
- MD5
  
  184d5385057d79ef13d899df4bd19a77
- SHA1
  
  fb5d34444109e9c7a6c87b7361f4a05fa9fb7643
- SHA256
  
  a6ca738e8be3671c8bd98a967c997e9f14c2fc35a148ecaecb4a3ffb89b895b9
- SHA512
  
  36cd4c45e9e5679cb38be18c8556bac30f53a9b50c75147379a58daaded41d93b3511cba77d89d2f10a31ece448268c29e223ab36ff2220fd29944f09bd866e6
- SSDEEP
  
  393216:EqPnLFXlrSQ8DOETgsvfGFngYGvEt9T7Gq:lPLFXNSQhEE7f/7
Score

10^/10

discordrat persistence pyinstaller rat rootkit stealer upx
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral3 behavioral4
- Target
  
  Venom Image Logger v3.1/Venom-main/dist/main.exe
- Size
  
  17.7MB
- MD5
  
  230758495042a4a9fa8babf332440386
- SHA1
  
  3eeb7dd97b2369803ac7badebc9a88698850bebc
- SHA256
  
  ef5024e4f0920bd936c3e2a9fae11ddde4cef76e646831a98e1a5281c45f30bd
- SHA512
  
  4cd1c6f60a293a57bfe8ca900cd8152359e73691e1b10a08d5fd9a8312bac1eb401828d8ccfee50f6b41d2bed4c563c35b1d6d3dfdfdde9b4f6b4e135954c34c
- SSDEEP
  
  393216:iqPnLFXlrSQ8DOETgsvfGFngYGvEt9T7Gq:nPLFXNSQhEE7f/7
Score

7^/10

upx
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral5 behavioral6
- Target
  
  Venom Image Logger v3.1/Venom-main/src/config.py
- Size
  
  192B
- MD5
  
  36b6f6034baef719be778b89b1226a6e
- SHA1
  
  f02c63ff4ead4a66e375ae8145d409537b302d78
- SHA256
  
  70773b420265012d9e1cb9d9bc8a83d8a4ec055d3907bd85102cce4a1853abac
- SHA512
  
  67e3164601de145a4ee2888a1772aa8a12cfcc8a2edc995861fd316ab187d9ae3cb0ee36a9094fdb79db8c5d907f50b9dfe88828590285f02c7fd65b5cb6e129
Score

3^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

pyinstallerempyrean

behavioral1

behavioral2

behavioral3

discordratpersistencepyinstallerratrootkitstealerupx

behavioral4

discordratpersistencepyinstallerratrootkitstealerupx

behavioral5

behavioral6

behavioral7

behavioral8

© 2018-2025

Terms | Privacy