discordrat | rblx hacks REAL[.]rar

General

Target

rblx hacks REAL.rar
Size

367KB
MD5

0e9547daeef407dc9fd2be7976d60f8a
SHA1

e5dc59ef908599cbdfaf160d0c852cfd412afb92
SHA256

be449362ee5003c6a1b6f73a7d3ef1b2d5b67c9eb57e317ab672df32fa8cf366
SHA512

fcd410b6b7d8871a768736fbc8d9af9057a4273ccb0a015663002fb16efb6a853b2f0c36f3c2207b7b3efa623181ddad6de89f9e7a64a1ecedde53216fac67d5
SSDEEP

6144:f1LQ8IYLifq9M9dYc3oz/DEr3tGYRfS1lRQ6HD6Rj7+ApI6ODfsTLKxe1F8m75n:a8IYLifJ2zIYYRfERW+AaBfsfKcF1tn

Score

10^/10

discordrat

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI0OTU3NzU3NDA5MTE5NDQxOQ.GsOG5Z.ZZXzRiXjjatxWtgj6vEvWrUD7fTQVKec_XOUKg
server_id
1177034497322127390

Signatures

Discordrat family
discordrat

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/rblx hacks REAL/Client-built.exe
unpack001/rblx hacks REAL/dnlib.dll

Files

rblx hacks REAL.rar
.rar

Password: 123
rblx hacks REAL/Client-built.exe
.exe windows:4 windows x64 arch:x64

Password: 123

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
rblx hacks REAL/dnlib.dll
.dll windows:4 windows x86 arch:x86

Password: 123

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

/_/src/obj/Release/net45/dnlib.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: 123

Password: 123

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 76KB - Virtual size: 76KB

.rsrc Size: 1KB - Virtual size: 1KB

Password: 123

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 76KB - Virtual size: 76KB

.rsrc
Size: 1KB - Virtual size: 1KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B