General

  • Target

    rampuri‮gpj.exe.exe

  • Size

    501KB

  • Sample

    240511-wfzb9ach67

  • MD5

    aa4a62721037855489902b7d4d0fe68c

  • SHA1

    b6ebde37fd59baafde5462e6c9423cde8e3d080d

  • SHA256

    b7dc70f04ee701b25d575ed8237baaf214d97e579aa47a13b839633218568b08

  • SHA512

    84d6994520799b861bf545d9d06a64a2b9219a3a1e2fb3bc2359b950781c2a11c58304974f4cbedf1d4985299f82956f2350588a2d64d1839b1d204b5c06f3f0

  • SSDEEP

    12288:9CQjgAtAHM+vetZxF5EWry8AJGy0yGhSTzAsWpB09:95ZWs+OZVEWry8AFBuEfWk9

Malware Config

Extracted

Family

discordrat

Attributes

  • discord_token

    MTIzODQ5ODc4MjE5NTQ4MjY5NA.GkSDpb.jG1gPk_g1LnlBEHlMGwUcQd-U1qCjeaJbc2Bn8

  • server_id

    1238500915263176714

Targets

    • Discord RAT

      A RAT written in C# using Discord as a C2.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks