Extracted

• • Target

    VSoftware.exe

  • Size

    83KB

  • MD5

    54a3320ff0124cdbfcc5c0c31b1e9206

  • SHA1

    ab643cdd5b493f78fe3de596f5b9ec7f1c7080fd

  • SHA256

    3dc6607ffcac9d32060196731fe0844f7cdb9148adb8b3a141d90ee0eb5b53f3

  • SHA512

    62cfea7ad23834f051b7d12854c94517096e30e026645ff07c3338e8d73de131061b8fd4ef05512156995d303ce44f18aa974686ef52ec5fe7de79c1b5b32351

  • SSDEEP

    1536:t2WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+EPIW:tZv5PDwbjNrmAE+YIW

  Score

  10^/10

  discordratdiscoveryevasionpersistenceprivilege_escalationratrootkitspywarestealertrojanupx

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Event Triggered Execution: Component Object Model Hijacking

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Checks whether UAC is enabled

    evasiontrojan
  behavioral1behavioral2