Analysis
-
max time kernel
92s -
max time network
134s -
platform
windows11-21h2_x64 -
resource
win11-20240709-en -
resource tags
-
submitted
18-07-2024 16:52
General
-
Target
Nuker.exe
-
Size
78KB
-
MD5
487cac43ec81f1851d895f7da7c2ed31
-
SHA1
a57243fbbb3a3bbb68d8cc2c24665097d5e5937c
-
SHA256
c9f5caa2963b2a6810f04b740a36dc68533711baf74ed5c2cc9e6ee7820d87a7
-
SHA512
3333925e7869579b9c1bf9dfe1bc0a8caac6f62846c5ea53a0e916dbda43d7ebc0b73082c36199ade9ef10ace7d81dac591a7c50c17150d9af3924f2fdbb7d08
-
SSDEEP
1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+UPIC:5Zv5PDwbjNrmAE+IIC
Score
10/10
Malware Config
Extracted
Family
discordrat
Attributes
-
discord_token
MTI2MTQ2MDc1NDk5ODEwMDA3OQ.GEglZz.6JqO9bf4CCcrev5NFz_m_RrqxOivTqTcbCsRg0
-
server_id
1261792833887801445
Signatures
-
Discord RAT
A RAT written in C# using Discord as a C2.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 7 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Nuker.exe"C:\Users\Admin\AppData\Local\Temp\Nuker.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
8KB
-
Filesize
96KB
-
Filesize
1.8MB
-
Filesize
10.8MB
-
Filesize
5.2MB
-
Filesize
8KB
-
Filesize
10.8MB
-
Filesize
472KB
-
Filesize
72KB
-
Filesize
120KB