Extracted

• • Target

    Kinito_horror.exe

  • Size

    536KB

  • MD5

    ad96c8a2754e9842815afb1cfdb13581

  • SHA1

    422d8a2a47975ca27ae9824a99e438d4e28ece68

  • SHA256

    76629cc6ae5d1de771cf074cee28eb1b7e5ce236061a19f76fee039ac8f4d81d

  • SHA512

    f4250022659705cb7e75530af1ec64f732942bc3db305d5e3e716eda61cfd8308ee2ca0d89b499696b8e7e2bdf8edae7b1e87387dfdc8dcd210eb9485efb70a8

  • SSDEEP

    12288:fyveQB/fTHIGaPkKEYzURNA/bAg81p46UKXZlyyijD:fuDXTIGaPhEYzUzATqnxXRijD

  Score

  10^/10

  discordratpersistenceratrootkitstealer

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Legitimate hosting services abused for malware hosting/C2

  behavioral1behavioral2