General

  • Target

    Craker Internal.exe

  • Size

    715KB

  • Sample

    240604-wmbvjaef4z

  • MD5

    5ba4d91cfa1d7e34c466caf527e353ba

  • SHA1

    8ce8da48e63fd7172c7e7ffa7fca26f649617caa

  • SHA256

    7f28c4c57891ab3a441d9164e1307de587acaedb795764112390b8c17aaf812b

  • SHA512

    75d23c85b12cb4edf92a1697c57a349e47bbca6c31603fc219bbe051c52c47deb92e1f6ac2957ded0a1349ddd675a3a75a05c8cd4436af1b6423705a3394f204

  • SSDEEP

    12288:dyveQB/fTHIGaPkKEYzURNAwbAg8rlU/GnGy:duDXTIGaPhEYzUzA0qxU/GnGy

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTI0NjMwMTQ1MjQwNjc1MTI0Mg.GoEe4D.Ukxxcg2g6oiBh3IEoYa6C5FTUz1iU45J3sp1bU

  • server_id

    1246300545325727776

Targets

    • Discord RAT

      A RAT written in C# using Discord as a C2.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2
