General

  • Target

    example.exe

  • Size

    678KB

  • Sample

    240417-n93mrsff9x

  • MD5

    955a20bf9bbfc6a650f027d98de5dcde

  • SHA1

    4e688a55950cb668f8e644230ef53f1854cfa960

  • SHA256

    aec5fd78e242dbc6f94b87e479982b11c2d07f50b7008df3d735a45e765d9baa

  • SHA512

    737e384f576080acf8c549c349301d3aef913235a02ca065d4a06425d21779da1a8f6a198d399e386977d4f7d92e7083a2ae46a16362782716541e460908a957

  • SSDEEP

    12288:RD7/3BHTnGdBbrxr5kwvhnN9Lto9ghiJGZ/O:RD7/BHjGdBPxlfnN9LquhiuO

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTIwNzQ0Mjc2MTY3MDk4Nzg5Nw.G7QGsq.mV9vPnqHSKpUueDX1U0MR64-D5ZHLEHM-uK5fI

  • server_id

    1228104284198015068

Targets

    • Target

      example.exe

    • Size

      678KB

    • Discord RAT

      A RAT written in C# using Discord as a C2.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks