Behavioral task
behavioral1
Sample
13d9beeaced9055a40d4c4d8afb622ab468e7b08ae87b0da2dc283441320d71c.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
13d9beeaced9055a40d4c4d8afb622ab468e7b08ae87b0da2dc283441320d71c.exe
Resource
win10v2004-20240226-en
General
-
Target
13d9beeaced9055a40d4c4d8afb622ab468e7b08ae87b0da2dc283441320d71c
-
Size
78KB
-
MD5
e5c76e4a1b86a78756c37b842889a16d
-
SHA1
b0232fccb40a600985140002752e21579627ceeb
-
SHA256
13d9beeaced9055a40d4c4d8afb622ab468e7b08ae87b0da2dc283441320d71c
-
SHA512
fc05438f4d61d470b3b8dc565ec82b74ca71680e0e9b13cc387af5c52cd5affcbe59f816c926e866af6fc262afd8b3a7ccbe7c714d437bc6923504eb4d9e9ea7
-
SSDEEP
1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+XPIC:5Zv5PDwbjNrmAE+fIC
Malware Config
Extracted
discordrat
-
discord_token
MTIyNzQxMDkxOTI0NDU2NjY1OQ.GrYgbk.ssbdSWTWQ238-WOkS4Kx8Um0xFW_d_wKie72Go
-
server_id
1227411660403114065
Signatures
-
Detects executables containing URLs to raw contents of a Github gist 1 IoCs
resource yara_rule sample INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL -
Discordrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 13d9beeaced9055a40d4c4d8afb622ab468e7b08ae87b0da2dc283441320d71c
Files
-
13d9beeaced9055a40d4c4d8afb622ab468e7b08ae87b0da2dc283441320d71c.exe windows:4 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
.text Size: 76KB - Virtual size: 76KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ