blankgrabber | 54379652e55ee3c3fcc91cdfaa3d0d1c867d038cb9a7db38002a721953629d00 | Triage

Submit
Reports

Overview

overview

Static

static

COINFLIPPER.exe

windows10-1703-x64

Sharing

General

Target

COINFLIPPER.exe
Size

22.0MB
Sample

240723-jt1q1swelr
MD5

a177fbb261a1922c28ec8164b24fe6fc
SHA1

636d1973b83215b240c7df0add2988c156ce337d
SHA256

54379652e55ee3c3fcc91cdfaa3d0d1c867d038cb9a7db38002a721953629d00
SHA512

c09fe80b9deafea15c204aea677b64e6c271a0744ab4e2d94809891e283863f8169f2a6d76b44c8fde884f288a088d47767444be51d6eafcd8fbc5f92873d77b
SSDEEP

98304:9vNDjWM8JEE1rtTamaHl3Ne4i3Tf2PkOpfW9hZMMoVmkzhxIdfXeRaYKJJcGhEI5:9vN00eNTfm/pf+xk4dWRatrbWOjgKx

Score

10^/10

blankgrabber discordrat evasion execution persistence rat rootkit stealer upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

COINFLIPPER.exe

Resource

win10-20240404-en

discordrat evasion execution persistence rat rootkit stealer upx

windows10-1703-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI1OTI5Nzk3MDE0NzI5NTM2Mw.G6bSSJ.emldT9jgg1k2PMk8CNIDK-zQIdh27viH9gHuX0
server_id
1259293888468750388

Targets

- Target
  
  COINFLIPPER.exe
- Size
  
  22.0MB
- MD5
  
  a177fbb261a1922c28ec8164b24fe6fc
- SHA1
  
  636d1973b83215b240c7df0add2988c156ce337d
- SHA256
  
  54379652e55ee3c3fcc91cdfaa3d0d1c867d038cb9a7db38002a721953629d00
- SHA512
  
  c09fe80b9deafea15c204aea677b64e6c271a0744ab4e2d94809891e283863f8169f2a6d76b44c8fde884f288a088d47767444be51d6eafcd8fbc5f92873d77b
- SSDEEP
  
  98304:9vNDjWM8JEE1rtTamaHl3Ne4i3Tf2PkOpfW9hZMMoVmkzhxIdfXeRaYKJJcGhEI5:9vN00eNTfm/pf+xk4dWRatrbWOjgKx
Score

10^/10

discordrat evasion execution persistence rat rootkit stealer upx
- Deletes Windows Defender Definitions
  Uses mpcmdrun utility to delete all AV definitions.
  evasion
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Process Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discordratevasionexecutionpersistenceratrootkitstealerupx

© 2018-2025

Terms | Privacy