Overview

overview

10

Static

static

1

Suckcess.bat

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Suckcess.bat

  • Size

    253B

  • Sample

    240615-1e95ksyhqm

  • MD5

    cf33abdc63dada08dc95c45f82af29ba

  • SHA1

    bd3790e05c238e483c1eb02c96e496825de1387a

  • SHA256

    1d5593bfa4f97e9c69b0d786fd3eedfeee31bc6c7c5ded44aacc1979a808258d

  • SHA512

    91d1d15cfff42d8aba4e7a60a7d71f1c3ccd34bc6489d6c7832af227e42c3e617cfdede9349e5245dfa65f4d30a0dbad4c7154dc764e9cb8a45d5f2355d6198e

Score
10/10
discordratexecutionpersistenceratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTI1MTEyMTQwMTU3ODkxNzg4OA.Go9Uh2.8G5SNBTIsuvTitRHKk6_NDHSG19899pkj-8WbQ

  • server_id

    1251101778309550161

Targets

    • Target

      Suckcess.bat

    • Size

      253B

    • MD5

      cf33abdc63dada08dc95c45f82af29ba

    • SHA1

      bd3790e05c238e483c1eb02c96e496825de1387a

    • SHA256

      1d5593bfa4f97e9c69b0d786fd3eedfeee31bc6c7c5ded44aacc1979a808258d

    • SHA512

      91d1d15cfff42d8aba4e7a60a7d71f1c3ccd34bc6489d6c7832af227e42c3e617cfdede9349e5245dfa65f4d30a0dbad4c7154dc764e9cb8a45d5f2355d6198e

    Score
    10/10
    discordratexecutionpersistenceratrootkitstealer

    • Discord RAT

      A RAT written in C# using Discord as a C2.

      stealerrootkitratpersistencediscordrat

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Powershell Invoke Web Request.

      execution

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks