Analysis
- max time kernel: 119s
- max time network: 120s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 14-04-2024 03:14
Behavioral task: behavioral1
- Sample: Image.jpg.exe
- Resource: win7-20240221-en (windows7-x64)
- 3 signatures
- 150 seconds
Behavioral task: behavioral2
- Sample: Image.jpg.exe
- Resource: win10v2004-20240412-en (windows10-2004-x64)
- 4 signatures
- 150 seconds
General
- Target: Image.jpg.exe
- Size: 78KB
- MD5: d40ef0184cd8a7428374f5b9daf94ba6
- SHA1: 85bd38a2b5a858c6b5e0608b73f66874c4aa9c63
- SHA256: 03ac9a5d049067f3b13e2781e336178aa01fab5cb8e7effc5903da08aabcb61e
- SHA512: 37c4fff56bdec5dd7296d6f0dca05c7c66f73f111fd8da47732c5b82bd6faaacb20086eefa319cbbd1d0e10119644444002db3a57ce0f76d7da12eb4857c4e33
- SSDEEP: 1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+rPIC:5Zv5PDwbjNrmAE+DIC
Score: 10/10
Malware Config
Extracted
Family: discordrat
Attributes
- discord_token: MTIxODk2NDQwNzI3OTk0Mzc3NQ.GS7a6G.MN50mEh7UMgOL_rB18LZuCG7dB8Bra64Ihw50A
- server_id: 1227976374644510781
Signatures
- Discord RAT
  A RAT written in C# using Discord as a C2.
- Detects executables containing URLs to raw contents of a Github gist (1 IoCs)
  resource | yara_rule
  behavioral1/memory/2912-0-0x000000013F4C0000-0x000000013F4D8000-memory.dmp | INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 2912 wrote to memory of 1712 | 2912 | Image.jpg.exe | 28
  PID 2912 wrote to memory of 1712 | 2912 | Image.jpg.exe | 28
  PID 2912 wrote to memory of 1712 | 2912 | Image.jpg.exe | 28