Resubmissions
13-04-2024 07:40
240413-jhl4gscb54 10Analysis
-
max time kernel
104s -
max time network
126s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system -
submitted
13-04-2024 07:40
Behavioral task
behavioral1
Sample
Client-built.exe
Resource
win10v2004-20240412-en
windows10-2004-x64
6 signatures
150 seconds
General
-
Target
Client-built.exe
-
Size
78KB
-
MD5
4a0cc04717fee11ba7c1a8d2e4fbf757
-
SHA1
4115e8d22583339046421c0656b0cb1b1cebb0af
-
SHA256
f72d36232ed06000dc66be2f7ab2a0e51818208d3520adb4105e16b30da6f48a
-
SHA512
ad2e3d8aadd179954e470e0aaa702ae07abf2eff89d00fd03c4f83d186a15a32fd44343673b69cfba2a7e1dd14dbc901aabf0c2e8950ccd1652b7165a99c493d
-
SSDEEP
1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+nPIC:5Zv5PDwbjNrmAE+PIC
Malware Config
Extracted
Family
discordrat
Attributes
-
discord_token
MTIyODYwNjYyMzMyOTU1MDM5Ng.Gr7Tkd.cmQjgPw9HSiUwf4tv8Ejyejhej4eIDidxpusFI
-
server_id
1228605517560287292
Signatures
-
Discord RAT
A RAT written in C# using Discord as a C2.
-
Downloads MZ/PE file
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 8 IoCs
flow ioc 67 discord.com 69 discord.com 11 discord.com 14 discord.com 30 discord.com 61 discord.com 65 raw.githubusercontent.com 66 raw.githubusercontent.com -
Sets desktop wallpaper using registry 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tmpAE6B.tmp.png" Client-built.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 1984 Client-built.exe