Analysis
max time kernel
89s
max time network
134s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags
arch:x64 arch:x86 image:win11-20240426-en locale:en-us os:windows11-21h2-x64 system
submitted
19/05/2024, 05:49
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
Anti_Discord_RAT_BETA.exe
Resource
win11-20240426-en
3 signatures
150 seconds
General
Target
Anti_Discord_RAT_BETA.exe
Size
811KB
MD5
5a4a324bf0a4b33d96dc92dbb0ff06be
SHA1
c02d437fb08716f96603c92e7be2a5a410f9c874
SHA256
ba9a3e3afa4e938dc92e32290e731e0e053c978029d1e3fec40dcfd73a8ce5a1
SHA512
43e431ff5b915f961485d29114422d8dedf658422348a8d0305fe0bc6d0d48ef74b5cc583ba5d0001ae7a0244f4addd469b84024be48ff6452df6eb1c8d90b3b
SSDEEP
12288:VksDRetCve+Lyu2GqLrG23IXhAB0UG+57:t1qPD
Score
6/10
Malware Config
Signatures
Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 4 IoCs)
flow  ioc
3     discord.com
5     discord.com
7     discord.com
1     discord.com
Sets desktop wallpaper using registry (2 TTPs, 1 IoCs)
description: Set value (str)
ioc: \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tmpE35B.tmp.png"
Process: Anti_Discord_RAT_BETA.exe
Suspicious use of AdjustPrivilegeToken (1 IoCs)
description: Token: SeDebugPrivilege
pid: 4760
Process: Anti_Discord_RAT_BETA.exe