Overview

overview

10

Static

static

3

anton‮gpj.exe

windows7-x64

10

anton‮gpj.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    anton‮gpj.exe

  • Size

    452KB

  • Sample

    240715-xd3sbstglm

  • MD5

    bad8e03a0e1cfe746fb77f73ec5042ae

  • SHA1

    4f3bc64ed1e39a3c7e9215a4bd35072052e2a831

  • SHA256

    09f62ca9ce707a10e1cc29c4e857ae8e38defa05d0f8cc0cad4f84022d6c5b4b

  • SHA512

    162e101e05314cb67e855f15fbc4650f909e5df0da8dd13cdb2c1c4d0f7aa1200e705d35fd6f9ab3fb3c7d361994835bdb6cf16f1e3415ccceffe87ca2641ba2

  • SSDEEP

    6144:2E9yzJpeQF2ZcbTzHznY8XHyldgaPGr++7+EK/zJDi3RC4AQNMIoYrmLU8YchJtd:PyveQB/fTHIGaPkKEYzURNAwbAg8YchB

Score
10/10
discordratpersistenceratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTI2MjQ3NTk0MjgzMjM3Mzc4MA.Gm3A78.SvvnKqIpnEdUSKBmPvoekRlb-Nq9n0i0njcYUY

  • server_id

    1262476292713087037

Targets

    • Target

      anton‮gpj.exe

    • Size

      452KB

    • MD5

      bad8e03a0e1cfe746fb77f73ec5042ae

    • SHA1

      4f3bc64ed1e39a3c7e9215a4bd35072052e2a831

    • SHA256

      09f62ca9ce707a10e1cc29c4e857ae8e38defa05d0f8cc0cad4f84022d6c5b4b

    • SHA512

      162e101e05314cb67e855f15fbc4650f909e5df0da8dd13cdb2c1c4d0f7aa1200e705d35fd6f9ab3fb3c7d361994835bdb6cf16f1e3415ccceffe87ca2641ba2

    • SSDEEP

      6144:2E9yzJpeQF2ZcbTzHznY8XHyldgaPGr++7+EK/zJDi3RC4AQNMIoYrmLU8YchJtd:PyveQB/fTHIGaPkKEYzURNAwbAg8YchB

    Score
    10/10
    discordratpersistenceratrootkitstealer

    • Discord RAT

      A RAT written in C# using Discord as a C2.

      stealerrootkitratpersistencediscordrat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks