discordrat | Loader 1[.]0[.]zip

General

Target

Loader 1.0.zip
Size

1.2MB
MD5

6d44e623369352e9559a6687a6cc6038
SHA1

27bdc7992463cb7ab18cfc6ce50495dd8a8167bc
SHA256

0b179ae27d3aa66de1646eec4f31571171cb8cceb2a11c8410afd237213af46f
SHA512

60692008c74bd5b6ca46fa5e391e22e8b72eba6eb187493b5faa04af380168bf9271ef152bc5409769299fffe4b6b9a66bc6130249a22372e571753f78843ea1
SSDEEP

24576:G1PHjoaczZfdE55hHl0WQ/OO4yb99MANKtv7f2dcMEZ:Lm/BQWgwwM

Score

10^/10

discordrat

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI1NjkxNTA1ODEzOTcyOTkyMA.GgcvFH.ZZtWziWR04JaiPJgPsf437j8uiy-5kqu0pM8H4
server_id
1256913520704884807

Signatures

Discordrat family
discordrat

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/Loader 1.0/Loader 1.0 .exe-ob.exe
unpack001/Loader 1.0/dnlib.dll

Files

Loader 1.0.zip
.zip

Password: infectes
Loader 1.0/Loader 1.0 .exe-ob.exe
.exe windows:4 windows x64 arch:x64

Password: infectes

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Loader 1.0/dnlib.dll
.dll windows:4 windows x86 arch:x86

Password: infectes

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

/_/src/obj/Release/net45/dnlib.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infectes

Password: infectes

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 76KB - Virtual size: 76KB

.rsrc Size: 2KB - Virtual size: 1KB

Password: infectes

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 76KB - Virtual size: 76KB

.rsrc
Size: 2KB - Virtual size: 1KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B