Behavioral task: behavioral1
Sample: rostrap.exe
Resource: win10v2004-20240709-ja
General
Target: rostrap.bin
Size: 78KB
MD5: c806f00fa32f343f9849c77003bb4cc1
SHA1: 4a80c5b110f93d9dbcc85885bbf231de5ac8ace6
SHA256: 9ddd3757585f55bea693a536e7ec6c4de0fd46f7df565f9cf6d10e339af2e845
SHA512: bac500e08913263bcabab7622eb7d00443d3d426cee9000edcd7b6089cf6e42be2a6b8f93fa60ef703b5400016febf8fb4c922ff17f2c80024a39450440deeb4
SSDEEP: 1536:Q0QhcOUX0RU1uB3Yec0OIwbJNrfxCXhRoKV6+V+ttD:Qojj03wbJNrmAE+DD
Malware Config
Extracted
discordrat
discord_token: MTI2MTcwMjM0NDQ4ODUyMTgwOQ.GyJxES.iPPznz14IbFotKTZ3KViTwuS9T3PzEb13fnomo
server_id: 1261715255004762132
Signatures
- Discordrat family
- Unsigned PE (1 IoCs)
  Checks for missing Authenticode signature.
  Processes: resource rostrap.bin
Files
rostrap.bin.exe windows:4 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
.text Size: 76KB - Virtual size: 76KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ