Overview

overview

10

Static

static

3

or‮gpj.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    or‮gpj.exe

  • Size

    451KB

  • Sample

    240419-tm38nsgg25

  • MD5

    83897c26f97ac29b0473e572fc9011a0

  • SHA1

    8dfd92c318535a67323a831c93d48d5a4e5f52ab

  • SHA256

    5399c9635622edf962fcf6d73111676df49526175e04a31a4eb9b82720a0de91

  • SHA512

    257f58ff8f159992eab1824b572883fc1b3bea0de8279f1a8059863c1cac0715551ba9287d42de7ed7b654c7b83f507284b4a84a7d3cab06b772f45136063ac1

  • SSDEEP

    12288:/lM1A8JQMVxm4V1db5AgVDk5/ieLPoGtWcMs7:/lMiZMVn1db5AgFk56eLPftL

Score
10/10
discordratpersistenceratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTIyNjI3NDQ5OTg2NDAzOTQyNA.Gq7LiV.GqnYoTN8UBwHwLu5VOTno0mKdGo4KJ1bFd3-j4

  • server_id

    1207280969305034823

Targets

    • Target

      or‮gpj.exe

    • Size

      451KB

    • MD5

      83897c26f97ac29b0473e572fc9011a0

    • SHA1

      8dfd92c318535a67323a831c93d48d5a4e5f52ab

    • SHA256

      5399c9635622edf962fcf6d73111676df49526175e04a31a4eb9b82720a0de91

    • SHA512

      257f58ff8f159992eab1824b572883fc1b3bea0de8279f1a8059863c1cac0715551ba9287d42de7ed7b654c7b83f507284b4a84a7d3cab06b772f45136063ac1

    • SSDEEP

      12288:/lM1A8JQMVxm4V1db5AgVDk5/ieLPoGtWcMs7:/lMiZMVn1db5AgFk56eLPftL

    Score
    10/10
    discordratpersistenceratrootkitstealer

    • Discord RAT

      A RAT written in C# using Discord as a C2.

      stealerrootkitratpersistencediscordrat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks