Behavioral task: behavioral1
Sample: 02e28a2fa3904b5b1014e93ab881274a9df5f8355fbab4b4424923f65ae4577d.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 02e28a2fa3904b5b1014e93ab881274a9df5f8355fbab4b4424923f65ae4577d.exe
Resource: win10v2004-20240412-en
General
Target: 12a5931e9396ce6c5c50742c89c9cac1d5b46044b989ba90a65706de7f066f57
Size: 28KB
MD5: f6b0f983934b64580bf7a26cdc846a00
SHA1: b7ae5f7c13b8eb0c82d0307b23bb9a2975d2951c
SHA256: 12a5931e9396ce6c5c50742c89c9cac1d5b46044b989ba90a65706de7f066f57
SHA512: 60bbb516f5b21711810a5226bf482b12516fe5bedac8a97dcbe15f30a2dea2dbaf78ef29c2ddfd5e7190e6d5131bb75ad8c0cbb3bc9a054e69aa6dd809d66477
SSDEEP: 768:OYi1UZ99jz6BS5SLdHkXfwi/B3o+vs96jrtjay:Fi1yHr5SLxkXfwsBY+vs96jrz
Malware Config
Extracted
discordrat
discord_token: MTEzNTM5NDcwMTk3ODEwODAxNg.GtdDHG.Aaj0Z8_IKQtFSG2p6VIQeDqNBvd-PkLeTD8WnE
server_id: 1140853704396902591
Signatures
-
Discordrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/02e28a2fa3904b5b1014e93ab881274a9df5f8355fbab4b4424923f65ae4577d
Files
-
12a5931e9396ce6c5c50742c89c9cac1d5b46044b989ba90a65706de7f066f57.zip
Password: infected
-
02e28a2fa3904b5b1014e93ab881274a9df5f8355fbab4b4424923f65ae4577d.exe windows:4 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
.text Size: 76KB - Virtual size: 76KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ