discordrat | Crosshair X[.]exe | Triage

Resubmissions

16-06-2024 16:14

240616-tplreazdkb 10

Sharing

General

Target

Crosshair X.exe
Size

78KB
MD5

ad0325b3a4269db52fbd1f836f04efc2
SHA1

8174cab4fcd5cc11bc6346863482a789e37e8da1
SHA256

0e2b2052df8615456681b97edcd22375f511e539a80faafdd9002f2d32a40d08
SHA512

fc7decfbd7f39fd0d55fb7757c32bb0e56efcb5f4b2349a6682986ce737cc4305cd3e7381a85aa0804e86409ccffc01e502e2247c7fbeefe4ef1d39e372e9132
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+5PIC:5Zv5PDwbjNrmAE+JIC

Score

10^/10

discordrat

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI0NzIwNDM3NzM3OTQ3MTQ4Mw.GhygpL.FUJ2gs6omUcQJ7kP5iT4wMucmXxfcp8XHvbxt4
server_id
1249456180246351963

Signatures

Discordrat family
discordrat
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

Crosshair X.exe

Files

Crosshair X.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ