Overview

overview

10

Static

static

1

Custom Theme.msi

windows7-x64

6

Custom Theme.msi

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Custom Theme.rar

  • Size

    561KB

  • Sample

    240705-tfwv1s1dpr

  • MD5

    b4105bbe8c0855e7062f231a5ebab3b7

  • SHA1

    d815e28ec0e12df5903724f5c9114bc7943b2948

  • SHA256

    144ce56abbd5e2377f3c3218763cb2f27cb334515838be32ca0514995fd5f706

  • SHA512

    a91ceeb7d691f707c9fba9ac15f0269ed6b6f3da214beb5d7a66985ec5b37d1ca990a27c65d3f44260a96b5c2c2928f4528e6a9296e3849c43722bae390b1230

  • SSDEEP

    12288:GocfWSz7pFZXUTnCEinBRTzToxqJTtdzbl5m4FMBqrs:GVFz7ZX4dCOxqJhdz64FBA

Score
10/10
discordratpersistenceratrootkitspywarestealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTI1ODA5NjQzNzA2MjAwOTA2NQ.GhJzhd.kk9R2GDudIgunSijVjaWQD6sIwY3-Lvdx3K_jA

  • server_id

    1258096259378577508

Targets

    • Target

      Custom Theme.msi

    • Size

      1.9MB

    • MD5

      3a6d228f64408b62459124daf05bb83f

    • SHA1

      a0c43230ae4eb0611052b78053214a5e8898a9a4

    • SHA256

      90673e8a84408b0bf7c029cf6b3c1394a52bb32f318770a0328d7904256e7643

    • SHA512

      1cfc629d234cb97a40c154a3beeef2f822bbf86c6d90c8df026cf249afd6b7b062ce7a0f6f1b8e787a3972848b42b5320c1ed7ff99c91e00c1d494d412c52c13

    • SSDEEP

      24576:IxoNa2uPYAGxUherZNh0lhSMXlrI5s2JK5kmwy0CfKAe7:9GP5Ferq7I5RJK5k1jCfKAe7

    Score
    10/10
    discordratpersistenceratrootkitspywarestealer

    • Discord RAT

      A RAT written in C# using Discord as a C2.

      stealerrootkitratpersistencediscordrat

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Downloads MZ/PE file

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks