General

  • Target

    bypasser.rar

  • Size

    49KB

  • Sample

    240704-rgprzsxgkj

  • MD5

    5319d55960d98d4078d287b458720ac3

  • SHA1

    95bcf55ca79702a75553f4960dd9d1e88d391ffa

  • SHA256

    49b263d4ed23515700cbae48b96e39fe024c6e24563682b352d9beebe17d99fa

  • SHA512

    f213ecaee21f8ddb8eb82bd822bdd5b773b3ed4593b13ab5179ca246e6d02079f461ddbc3e6e4ed9cb7f8eb2f2c4e97cf3a4255400aeef73ca6b6737a6df1dac

  • SSDEEP

    768:Si2G9LwDpzeyWdbB9u0r0o6mf3efQkzdYeUhTMNucniQ2FVxHkycaSYCmHYT/kwO:SIdwMyWjFYoN6Q/zvMiQ2FVCLaSYPwT6

Malware Config

Extracted

Family

discordrat

Attributes

  • discord_token

    MTI1MTMwNDM5NDkzNTUwNTA4Nw.GXLWWL.r7OUns0sCMr5I9ra_FffjxEK2E7LukBojfJIT8

  • server_id

    1256804931839459358

Targets

    • Target

      bypasser/bypasser_final.exe

    • Size

      135KB

    • MD5

      a1288b1ec6fb4da4f55dc8fd53a6c4ce

    • SHA1

      bead8a51b0c34f981a4b278681f63f3b88f9ad54

    • SHA256

      f7dd8d7d380e311b86e9fb2d61b63eb212e70f5e8e51acdbf47a1dd4ed051891

    • SHA512

      2fa5aa3a0d4daaa57854a9045a12b7e01a0f9864924cde12935646b25f172c787b120bdaac65be85ebe442476c2c1f45b51b737ddbbd2579cf6416e65ab038a2

    • SSDEEP

      1536:2vdWSVRVDlOzjRzrksAOO2WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+pPICsov:2MSncRzAOOZv5PDwbjNrmAE+ZICsov

    • Discord RAT

      A RAT written in C# using Discord as a C2.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Matrix ATT&CK v13

  • Discovery

    Query Registry: T1012 (1)

    System Information Discovery: T1082 (2)

  • Command and Control

    Web Service: T1102 (1)
