General

  • Target

    s‮gpj.exe

  • Size

    563KB

  • Sample

    240416-y6bd8adc6z

  • MD5

    0bbc0a7dc1a58f8a33fbd893ec737bc2

  • SHA1

    6cc449fffcf0111d62ff0475afb30eef7d774089

  • SHA256

    9f7154d3786a9f445d249454777da82ebca55681b0fdbe54f1695ce31a30543f

  • SHA512

    d6a4cb34a70180951925d5414c1a563a37a5a6d5c92b6fc8c741711637ebd1af60a0e375e00334599f322226a084641f099042b524f7152c720f8a2e7ee14445

  • SSDEEP

    12288:oCQjgAtAHM+vetZxF5EWry8AJGy0yfnSWv46NuV9TXH2505/N:o5ZWs+OZVEWry8AFBTjNufH2kV

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTIyOTg4MjMyNDM2ODM2MzcwMA.GrfReS.9yWuSoWr3uhKK0b6qurk33JdihJVamaZgss9Yg

  • server_id

    1229880755757514752

Targets

    • Target

      s‮gpj.exe

    • Discord RAT

      A RAT written in C# using Discord as a C2.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks
