Overview

overview

10

Static

static

10

Celex Crack.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    9s
  • max time network
    11s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02-06-2024 07:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Celex Crack.exe

  • Size

    78KB

  • MD5

    863cb08abe72db48b4a4f2d6d87eeb6a

  • SHA1

    ba73da385264fec2e77cadcf5896cdb76440d679

  • SHA256

    d447d26ba27411b5bd5861b39374ff257f11cb604d416f2773b929741faedbc5

  • SHA512

    c271f838eafed27ad00aa8afcd8476d4af62fcac7e292bd27f9bcc979c7405e743b919d9abb0ae88eb72ac5a87f13d309afe6e292e04a20fe7e8d5b97fa5b37f

  • SSDEEP

    1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+GPIC:5Zv5PDwbjNrmAE+iIC

Score
10/10
discordratpersistenceratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTI0NjQ5ODAwNDc1NjU5NDgxMQ.Gl4MPu.GqOJp71ZqsSF65vaOpvf6tc6aBgQa8uoRrPA6M

  • server_id

    1246498216292388994

Signatures

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat
  • Downloads MZ/PE file
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Celex Crack.exe
    "C:\Users\Admin\AppData\Local\Temp\Celex Crack.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:5048
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=1288,i,11746347647270949551,7786733067759450703,262144 --variations-seed-version --mojo-platform-channel-handle=3940 /prefetch:8
    1⤵
      PID:1752

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/5048-0-0x000001DD73B70000-0x000001DD73B88000-memory.dmp

      Filesize

      96KB

      Download

    • memory/5048-1-0x00007FF992653000-0x00007FF992655000-memory.dmp

      Filesize

      8KB

      Download

    • memory/5048-2-0x000001DD762A0000-0x000001DD76462000-memory.dmp

      Filesize

      1.8MB

      Download

    • memory/5048-3-0x00007FF992650000-0x00007FF993111000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/5048-4-0x000001DD76AA0000-0x000001DD76FC8000-memory.dmp

      Filesize

      5.2MB

      Download

    • memory/5048-5-0x000001DD76570000-0x000001DD765E6000-memory.dmp

      Filesize

      472KB

      Download

    • memory/5048-6-0x000001DD74000000-0x000001DD74012000-memory.dmp

      Filesize

      72KB

      Download

    • memory/5048-7-0x000001DD74030000-0x000001DD7404E000-memory.dmp

      Filesize

      120KB

      Download