General

  • Target

    malware.IshowMeat.jpg.exe

  • Size

    320KB

  • Sample

    240412-d6f99adh33

  • MD5

    2cadc43b860ca158894a3e129ac9a3b3

  • SHA1

    0edb735c4b71f9d4c5a8ad80e58bdd6cd2ebe417

  • SHA256

    0ba01b4d47a229a35b31ac87cb876c45cbc8e83a3911056c90cc0541a252533a

  • SHA512

    0b30b0dc2b8fb20084fcce8bed2ac4422369464bc29ab6f1bef3a46f3908c6f839df7b3f0015df6b3f7eb61601fa23ed5739754dd3586cbe648d0b3a3c0954c8

  • SSDEEP

    6144:/v5PDwbBrTIDMKCSNloqQ9EQRekoGcQyCpKzQm:/v51DM2bVmxmGcQyCH

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTIyNzAyMzc1NjE4MzIwNzk1Ng.GFySZ6.XX8JYM74wRYVqo3whA4s5qcCxIXvjlizI65gi4

  • server_id

    1226407008819740715

Targets

    • Discord RAT

      A RAT written in C# using Discord as a C2.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15