Resubmissions
23-05-2024 16:42
240523-t7qs3shd6s 10General
-
Target
SolaraBETA.exe
-
Size
164KB
-
Sample
240523-xlwnzsce41
-
MD5
ef3211af9aefd0a032cd9fbb3c46d1e2
-
SHA1
b6e09ec37c2e50aec3e186b4b80696bc5fbdc1ec
-
SHA256
d0696ae3dfc83c80cdaf0bb50aa0b7ca04c362177c3bb12ab79a355d261c5465
-
SHA512
fed323033bb2868183eb5770a6ddb1e745db93dca7d23245ad94c32fc7ce223289cad62e48a8674e38e810c52de9eef1993efae2100e13cde0f78d070b0578cd
-
SSDEEP
3072:2Zv5PDwbjNrmAE+4IjLdGgCvZuT75lTT3MJObhH:Wv5PDwbBrUIjLdvm27wJON
Malware Config
Extracted
discordrat
-
discord_token
MTE5NTg0ODc1MjI0NjgyNTA1Mg.G4P4wp.zMWMnomJQlTXAmzFNKlIfb-ParaaB86MEq0gOY
-
server_id
1234555349349040179
Targets
-
-
Target
SolaraBETA.exe
-
Size
164KB
-
MD5
ef3211af9aefd0a032cd9fbb3c46d1e2
-
SHA1
b6e09ec37c2e50aec3e186b4b80696bc5fbdc1ec
-
SHA256
d0696ae3dfc83c80cdaf0bb50aa0b7ca04c362177c3bb12ab79a355d261c5465
-
SHA512
fed323033bb2868183eb5770a6ddb1e745db93dca7d23245ad94c32fc7ce223289cad62e48a8674e38e810c52de9eef1993efae2100e13cde0f78d070b0578cd
-
SSDEEP
3072:2Zv5PDwbjNrmAE+4IjLdGgCvZuT75lTT3MJObhH:Wv5PDwbBrUIjLdvm27wJON
Score10/10-
Discord RAT
A RAT written in C# using Discord as a C2.
-
Downloads MZ/PE file
-
Sets file execution options in registry
-
Executes dropped EXE
-
Loads dropped DLL
-
Registers COM server for autorun
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
Checks system information in the registry
System information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-