Overview

overview

10

Static

static

10

Fiat_uno.png.exe

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Fiat_uno.png.exe

  • Size

    108KB

  • Sample

    240513-s5lkxadd46

  • MD5

    1cc7a8f7370419409b1781edbdfab184

  • SHA1

    c1755bdac85a762b93007cd354c564d23da5ca9d

  • SHA256

    e87911dfa2c3bcbdd2ee2d92e577bc167d18bc439f3f9317960b69e5879000e8

  • SHA512

    50eb994fbacbc666512a0c026eac083f0fc92d16ab133e71a5e51355433b9f101b7d6098e7ce610347911338d2fff3b75b2e2b1dfcefd4eabf28d5de3e75af50

  • SSDEEP

    1536:92WjO8XeEXFd5P7v88wbjNrfxCXhRoKV6+V+pPI3QxLUbTkJiJ+CKkWkh4UpV:9Zz5PDwbjNrmAE+ZI3Qok0+CKXaF

Score
10/10
discordratpersistenceratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    OTQ5ODM0ODg4MzkwMDA4ODky.GetiJM.JNqFsu5laAGDOQG7THpEiuBqUW382MMDsx-AYE

  • server_id

    1083215987110838322

Targets

    • Target

      Fiat_uno.png.exe

    • Size

      108KB

    • MD5

      1cc7a8f7370419409b1781edbdfab184

    • SHA1

      c1755bdac85a762b93007cd354c564d23da5ca9d

    • SHA256

      e87911dfa2c3bcbdd2ee2d92e577bc167d18bc439f3f9317960b69e5879000e8

    • SHA512

      50eb994fbacbc666512a0c026eac083f0fc92d16ab133e71a5e51355433b9f101b7d6098e7ce610347911338d2fff3b75b2e2b1dfcefd4eabf28d5de3e75af50

    • SSDEEP

      1536:92WjO8XeEXFd5P7v88wbjNrfxCXhRoKV6+V+pPI3QxLUbTkJiJ+CKkWkh4UpV:9Zz5PDwbjNrmAE+ZI3Qok0+CKXaF

    Score
    10/10
    discordratpersistenceratrootkitstealer

    • Discord RAT

      A RAT written in C# using Discord as a C2.

      stealerrootkitratpersistencediscordrat

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks