Overview

overview

10

Static

static

10

Test.exe

windows11-21h2-x64

Analysis

  • max time kernel
    191s
  • max time network
    194s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240704-en
  • resource tags

    arch:x64arch:x86image:win11-20240704-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    08-07-2024 18:25

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    Test.exe

  • Size

    78KB

  • MD5

    bbbb9f0fb811b0428806262bda7deae4

  • SHA1

    f6ca297ca8b2d3aa499a9e24a51de252f7f35276

  • SHA256

    854d608165b291d469b2512be40803242d9379ef58087da9096f3ee93da37920

  • SHA512

    bba651156550bc001f41156766d80046aa6e5dd755c9af2e037c81922175c61513a2c94081c9942a1d749c9c712ac7f24ff86be181962874f684e1b19bfba2b2

  • SSDEEP

    1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+SPIC:5Zv5PDwbjNrmAE+eIC

Score
10/10
discordratpersistenceransomwareratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTI0NzY0ODI3NjkwNDI4NDIxMQ.GzYU-o.gTVjR5kc0qgiHq8KPJLw_Xg1mnEgJyOsa1wDxU

  • server_id

    1247801636122787851

Signatures

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 13 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Test.exe
    "C:\Users\Admin\AppData\Local\Temp\Test.exe"
    1⤵
    • Sets desktop wallpaper using registry
    • Suspicious use of AdjustPrivilegeToken
    PID:1036

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Defacement

1
T1491

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1036-1-0x00000238C36E0000-0x00000238C36F8000-memory.dmp
    Filesize

    96KB

    Download
  • memory/1036-0-0x00007FF9C0453000-0x00007FF9C0455000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1036-2-0x00000238DDDF0000-0x00000238DDFB2000-memory.dmp
    Filesize

    1.8MB

    Download
  • memory/1036-3-0x00007FF9C0450000-0x00007FF9C0F12000-memory.dmp
    Filesize

    10.8MB

    Download
  • memory/1036-4-0x00000238DF070000-0x00000238DF598000-memory.dmp
    Filesize

    5.2MB

    Download
  • memory/1036-5-0x00007FF9C0450000-0x00007FF9C0F12000-memory.dmp
    Filesize

    10.8MB

    Download