Extracted

• • Target

    main.exe

  • Size

    90KB

  • MD5

    9932b9f4ba73846661de9cd3a1773db1

  • SHA1

    3c03d8e1bcc1881a1dfecf4dd48281163fe7f8de

  • SHA256

    0221bcc32a8271a709de78656db437e596306cddd049585b70376112feb3a486

  • SHA512

    b1bec36207843d568d1ffec9457920afaea79c529a22e2e1d23ab38fda6d0fa39f523dfd2d4ec98485e34e5d880eac9beccafe36b2dc0cc45628145c87b1d047

  • SSDEEP

    1536:Msi8yMgTYYVJtD0wNJBNHPP3lLuBZAWsSTN56WsSTN5MwEYLzMkupBCZr:C8uTtownn3lWsSTdsSTqYLzupYr

  Score

  10^/10

  discordratpersistenceratrootkitstealer

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Legitimate hosting services abused for malware hosting/C2

  behavioral1