Extracted

• • Target

    StarPermV1.exe

  • Size

    18KB

  • MD5

    66ffa888346477f943305396c294b33f

  • SHA1

    cac1eeffe038d24440066d136f36f4a6286847bf

  • SHA256

    f412eef4ddd9d95515f985e910f9704958bc05a1fba25241616c52cf7cbeb66a

  • SHA512

    ce643754d9a26a8aba60381f63cab45fcac71d214aa0a0e34f2c88c79ada9c24c1c60f60cc89fa7860c4868ac01a34f01ad22be1d244e958a5054ff3eb8eba95

  • SSDEEP

    384:fRac/zx95b9Zu46ifvS30vkgUZde06T5y9xxaNJawcudoD7Up:V7brZhnOsaZl2IknbcuyD7U

  Score

  10^/10

  discordratdiscoverypersistenceratrootkitstealerupx

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Modifies system executable filetype association

    persistence

  • Registers COM server for autorun

    persistence

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Drops desktop.ini file(s)

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Legitimate hosting services abused for malware hosting/C2

  • Checks system information in the registry

    System information is often read in order to detect sandboxing environments.

  behavioral1