Overview

overview

10

Static

static

3

banana‮png.exe

windows7-x64

10

banana‮png.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    banana‮png.exe

  • Size

    478KB

  • Sample

    240528-qffbgsef7x

  • MD5

    4c3c1db7d951b6e6ecfb6e798df7f274

  • SHA1

    ac8c5317b900aed8787fe43bca0d5871c580abd3

  • SHA256

    d11237b84ac5e0498786aa2bb410659c087a148943bcfff4015f044ec0756cb3

  • SHA512

    17fc5f3c231bb3a78c500569b19a2c38f746571d479a613d88a617babae51e7e5aae19f28522b5bfb692b6f0daababfac620ca641850f01f7a988814c95ad37c

  • SSDEEP

    12288:wCQjgAtAHM+vetZxF5EWry8AJGy0ylCGvc+YR7x:w5ZWs+OZVEWry8AFBIGvYH

Score
10/10
discordratpersistenceratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTI0NDk4OTQ2MjkxMjY5NjMzMA.GIRO0i.b3bYZf7plrNBXM4V3TRj7NUzgJTJcKm3_NUU0o

  • server_id

    1244990153932673145

Targets

    • Target

      banana‮png.exe

    • Size

      478KB

    • MD5

      4c3c1db7d951b6e6ecfb6e798df7f274

    • SHA1

      ac8c5317b900aed8787fe43bca0d5871c580abd3

    • SHA256

      d11237b84ac5e0498786aa2bb410659c087a148943bcfff4015f044ec0756cb3

    • SHA512

      17fc5f3c231bb3a78c500569b19a2c38f746571d479a613d88a617babae51e7e5aae19f28522b5bfb692b6f0daababfac620ca641850f01f7a988814c95ad37c

    • SSDEEP

      12288:wCQjgAtAHM+vetZxF5EWry8AJGy0ylCGvc+YR7x:w5ZWs+OZVEWry8AFBIGvYH

    Score
    10/10
    discordratpersistenceratrootkitstealer

    • Discord RAT

      A RAT written in C# using Discord as a C2.

      stealerrootkitratpersistencediscordrat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Resource Development

Reconnaissance

Tasks