Overview

overview

10

Static

static

3

bypass pure mode.zip

windows7-x64

1

bypass pure mode.zip

windows10-2004-x64

10

bypass pur...er.exe

windows7-x64

8

bypass pur...er.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bypass pure mode.zip

  • Size

    14.2MB

  • Sample

    240417-v36t6saa9v

  • MD5

    f420e4cd84bdfeda8d9ea4da6bb5901a

  • SHA1

    d0c746136bbf673fd5057687bfcb889e864dd93e

  • SHA256

    44ce8e76326d5ee7940776a146cc02b666b7d47d4fc7c4ad3dd471e25b41b2b4

  • SHA512

    3e4b4bd0821df92ece495920c542bdbe4774388cbf80b5976d6348c98a982600f3f76b38853c885ab6bd20d2c9ef933b8db46fe5c1ade5d53d43f2d6d1482139

  • SSDEEP

    393216:6HKdqCIRID6XZkAmOymNiSflE72cXah+EEnZR8s+ERn:6cDgNxymNi6EhXR5Zxjn

Score
10/10
discordratpersistenceratrootkitspywarestealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTIwNzQ0Mjc2MTY3MDk4Nzg5Nw.G7QGsq.mV9vPnqHSKpUueDX1U0MR64-D5ZHLEHM-uK5fI

  • server_id

    1228104284198015068

Targets

    • Target

      bypass pure mode.zip

    • Size

      14.2MB

    • MD5

      f420e4cd84bdfeda8d9ea4da6bb5901a

    • SHA1

      d0c746136bbf673fd5057687bfcb889e864dd93e

    • SHA256

      44ce8e76326d5ee7940776a146cc02b666b7d47d4fc7c4ad3dd471e25b41b2b4

    • SHA512

      3e4b4bd0821df92ece495920c542bdbe4774388cbf80b5976d6348c98a982600f3f76b38853c885ab6bd20d2c9ef933b8db46fe5c1ade5d53d43f2d6d1482139

    • SSDEEP

      393216:6HKdqCIRID6XZkAmOymNiSflE72cXah+EEnZR8s+ERn:6cDgNxymNi6EhXR5Zxjn

    Score
    10/10
    discordratpersistenceratrootkitspywarestealer

    • Discord RAT

      A RAT written in C# using Discord as a C2.

      stealerrootkitratpersistencediscordrat

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

    • Target

      bypass pure mode/Loader.exe

    • Size

      678KB

    • MD5

      955a20bf9bbfc6a650f027d98de5dcde

    • SHA1

      4e688a55950cb668f8e644230ef53f1854cfa960

    • SHA256

      aec5fd78e242dbc6f94b87e479982b11c2d07f50b7008df3d735a45e765d9baa

    • SHA512

      737e384f576080acf8c549c349301d3aef913235a02ca065d4a06425d21779da1a8f6a198d399e386977d4f7d92e7083a2ae46a16362782716541e460908a957

    • SSDEEP

      12288:RD7/3BHTnGdBbrxr5kwvhnN9Lto9ghiJGZ/O:RD7/BHjGdBPxlfnN9LquhiuO

    Score
    10/10
    discordratpersistenceratrootkitspywarestealer

    • Discord RAT

      A RAT written in C# using Discord as a C2.

      stealerrootkitratpersistencediscordrat

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Legitimate hosting services abused for malware hosting/C2

    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks