discordrat | Epic[.]zip | Triage

Sharing

General

Target

Epic.zip
Size

49KB
MD5

ec66d375a70559eb6b4ce9aa8f28767a
SHA1

9df2a19dfb8d344c466ab5e1eebd19549c352f1e
SHA256

e08b2618739a86f8e36676a718080b5f90912945d949dee8b480882012a31945
SHA512

ad446fe5f117d31dd37a89c0b40411a6af6e035486c512781f3a5d5a170b405cd59bfb6223bca2babc77c2a226a602594044b74a317921c4ad9f24960acb8a94
SSDEEP

768:7U9ao3OtnT+0KZyN/oip3PkbPHWCzf6+hBdkJBVHun6U9Nt+g0qQLwfasu26:o7+lKMJAX6WT2VY6UJz0qQLHsV6

Score

10^/10

discordrat

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI2MjE4MzU5NjU1MTE4MDQwMg.Gzy3x9.RZIwVThFyDF6ranz-qVbm6lG_FO19_NJuZ4LiM
server_id
1262179245837258894

Signatures

Discordrat family
discordrat
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

unpack001/VSoftware.exe

Files

Epic.zip
.zip

Password: Leteeno
3Png.png
.png

Password: Leteeno
VSoftware.exe
.exe windows:4 windows x64 arch:x64

Password: Leteeno

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ