Overview

overview

10

Static

static

10

Client-built.exe

windows7-x64

10

Client-built.exe

windows10-2004-x64

10

Resubmissions

23-07-2024 14:26

240723-rscxkaxflf 10

23-07-2024 14:20

240723-rnv8cavbjk 10

23-07-2024 14:13

240723-rjwnbathkm 10

Analysis

  • max time kernel
    122s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    23-07-2024 14:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Client-built.exe

  • Size

    78KB

  • MD5

    5ccc8cb73a3e7f49f02309b8234150f7

  • SHA1

    2e25a1e3c2dea17b8a55794ea410efc20a20ba89

  • SHA256

    96b5be62a3f1c6550f243ce18051af2f6e105cb8e5869d1b685df3e6e382e4ca

  • SHA512

    f5aad017d92ad6611aea1c9751e57a4847de36c8e0e40b461b01d3053b30fb563e6258993836f1d193393b95feee6da440352d073d2e1111c2b96186afaafe31

  • SSDEEP

    1536:Z2WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+fBPIC:ZZv5PDwbjNrmAE+fRIC

Score
10/10
discordratpersistenceratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTI2NTI5NDU0NzA5MzU1MzIwMw.G4XHgH.w73SKG9eGEqZjt7cDrIl25uvvZMMECf3wWXHYA

  • server_id

    1265294099100205107

Signatures

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Client-built.exe
    "C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2140
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 2140 -s 600
      2⤵
        PID:2656
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\CopyConvertTo.xht
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2668
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2668 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2768

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      8983473a7edcdd713af31f5b6a223f3f

      SHA1

      29fce373aef4cf149d685369aa93e8e2cd851ce5

      SHA256

      b7ba505fc6d7b5def7917c59000768c4ca146d40b84f91c0f5c69170c2fe6866

      SHA512

      5bd97dbaaadd7143daf952b03816e9c05e4af29778cb6c58b8142f01a6349739d23caf4d427c811210075c2c3a92303f13de311d9e8de00fc1055b4a21b26605

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e6bdf31d950ae72d192de63663b8990c

      SHA1

      91f369617a04274b445840c32247ab497895682e

      SHA256

      f7251f4afab004bd92439fb6612254fb8f4a6a10d2dd4060d0f92e318944a19c

      SHA512

      a133b58712c2515aacfbc2d6a5bcf7bb094a7181db418d55766481e0e5f133e487019bcb4d68bc5ef348c9017bfdb8f56d845ef601e370686fa26cbe5b4ba179

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      643e37ef5d91ac1ef07bb57f34ff74dd

      SHA1

      914324b3a1353638acfb90f900d7c1455aed8321

      SHA256

      5f49e8fe70b98d7dd1141df2dd782f99786040e225b2d1a0480d33c9db5dabb2

      SHA512

      b1cf5d42efc2e758590d20e4844c977d1d21ad5f69bb5407be13e96f43aa7f3712ab085c846901ad8826b55503388883957578d275ffd6298df1ffcc4ef74542

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      aaaac6616f380f0329c0d9d7f23902ea

      SHA1

      704be227d3c0dbf3ca205fc9b6bcd402f336c45b

      SHA256

      0b3bc44b3bdb0c8904a8e92729b9392ef9ee6478b84a447416f72270c16f39eb

      SHA512

      8de098a7b16f29071909b904057d570c5f8c68128fa1c8f88f8dc17cfd66d37da425e046231d1ac5bd0f307dc41f95abd09db3181f1a62192b1705e1281a80fd

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      92fd19903843724afca19b7e6b8f810b

      SHA1

      e49ade9f466b835d348d302c6cfdcf4da45eac53

      SHA256

      690a2cc2b78cd328b22e52a632daab61dce5c41329c29fe86df6dfc0b0d1d49c

      SHA512

      7d08698cb33fd6dcd022c1f059f0af8be8914c9b4ce3ebb515b3f20956a3d1c689e06aee9e9ac5a7695968c2821cd5b8a60af118522e18b50b051beba2a49252

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3b2bd02c8d732c48e2c9a32a6026a09d

      SHA1

      cae49b147f56b41649c0955cd24312d85c4e8a91

      SHA256

      357780c2e0470f96042a41e3aebcc32f0fd33621799468cc49e63b4a6e77891c

      SHA512

      8955cb4899d6c17a075fefc29a228927c66c6131352f910f56ff67538e2b41184c3996fd5d40f99fb2985e9c30919558e00af0016f8318a6f9934cf0a0d806ac

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e951bdc9bb47479568f9ce1ae5083a08

      SHA1

      bc5dc74e00b64ab456616c91947f7ec460d38ead

      SHA256

      781987998a1c0122676b287f23069af4e368d3132564b51c543ea7b1303e64ba

      SHA512

      edc7e791bbd8277debe64fef92639287f2817773f7b1c35442dc98d4522fcc538a74e99cdb11d6578f4e78eb08b39011f5a8c074496c027ea66087e969e4bd12

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      71984fa0cff1103d13b1f63b3e488cbe

      SHA1

      9c1c4c6e0af112df68dc138ee46dada342f8476b

      SHA256

      a980e5b658a56db9b6492a416a111979a5d7823060f14e416e4cc0172b002e17

      SHA512

      a435748f9e8f71f53ed5b0d78f511fddbeb9e36d72617529a3d1ab21ff2b7e8c1c5f457f8f158d6f0eeb31b005f177f096f1ecd163023656787907c63ca2a802

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d0fb62a150a30fa6d677ebe55f3f40bc

      SHA1

      832b74fd6c49bf508d1dd3d564aadd363b451145

      SHA256

      1960e5715a23778e8162aaf5604658d61165be611710bf470bdab6c7f107d790

      SHA512

      d82f63a907e790ef5ad4e5132977a9ee20adb8bbc93604ee9046ecd91e49d6eb6c0daf369ec036382cae5b82fc75f7488518a110349c06e735c701cff26e091c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f94c2d70cccc6b9a82296a52fc0f1815

      SHA1

      cde4d8d97c8de28eb7a4ff4b085022120bfce5f1

      SHA256

      8828d1530385648a92a9df5a648a26a31f403d360da68bf3c286713fb1972206

      SHA512

      612b0be10141c50489ed9122a246e181115a7ee1fa31bfd973f0175a4659d5bc8962831318ca999f69bba5201a0e8eea4de8d46fd9a57ba6f98a0696eab0e564

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b12747a8f01292c22fa30a93af86061a

      SHA1

      809df60b6e99e6ecb45a876baa138f7b0fd390b9

      SHA256

      1a727fc2394fca80e15efdd0bf08bf2a6b3b357ddbf30c364450c4e5e0daf5af

      SHA512

      0b3d6289e1cacc20ea1fc6b28a08e599b1e3ef3f3a4cac1bdbc66ed9fbd499ed3dced5c3f07af1678766d86b8e7e1b7de10b84f94202fbfd50d14a71eae4d9a5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d05ee79584d26742358c08354bf532f7

      SHA1

      fd0b425c9fc726c60d91caeb5e313254e0e87d24

      SHA256

      4c83a74502812134706b8af9218749b2ba22f066beb3e5ab563aec2e03e2931c

      SHA512

      971e42ec9fe0801a5b247aed27147793f3f8ee70a334fc04c9f7982acb28460f785d2e59085721da29a20a11a5a3b4da3326b50d71e8b5b349ff7464f6e690b1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d6849c97043161b32827f9840a6a92d0

      SHA1

      c590e14148b4980afd0ffefd92f494838638ffc5

      SHA256

      cf30463b81b475e4ed7e60f85d01a95911ba0f309efb71c1c040b81cf7c66329

      SHA512

      32e3addb3964672e4d66a71248c114c2413f919fb461d6fdeafd38df8c680fb4ad80c90a74e5657d1daf1b06092669941cf9e8c98863eb42f1df3c233611c61a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e88f8023820c0478d0e29ed59abad4f2

      SHA1

      d703f2645e340f2f2e59b18605c9e378370e85c9

      SHA256

      b8d9a93665af14ddcecdb519f604adc2dc9811862b8b5840580b1926d4a81fa0

      SHA512

      df1b6eef551b3ba5a7158c86411611c157b7c66c6ca4e82553c686d8e67569a349f930751029b0bc512d610801f8bd4b395257cda8ae9b5e101d2d972467587e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      4539f8ba3f9ac290c7318e2b816ca169

      SHA1

      5ff355416015aaea5acb04a977e4a3c2052d8af8

      SHA256

      a4c5cbc9ceb4f6bd14b96e5f0cca981a739170cdc58538168c1ec7fb3a8323e7

      SHA512

      beb46cfeab4930ed67486a980d318981cf0348acaddeaea6ba756a537be825b002d3975870b3df7fd6edbb396b9813fb87f71c781473d42d978159f0f0793029

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      5da074d414353f4675e0f163cd71b2ea

      SHA1

      8d783a812b389e479c004f08542530f519d78880

      SHA256

      704dc2b47b9de1f2ea9c1acbe0d335925c975aa7f7f190eccfd526febf60588a

      SHA512

      a4015895d1ee4fe05f7d41dfda731654ca42751f113518356d1a98c3eb6bb8f285de3cf72e577c738fd107bd49a2554e488a5256d577ae5068b5b8e88869e592

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      23a93fe266523e9a9d9333c40aca9788

      SHA1

      c1137058d081e9d9cfe8b98d3953d85f988da6da

      SHA256

      b82e0fe339573821eef374818f0275ef8c411bd083ba04fe16a457ef43583ed2

      SHA512

      9c85d3efeb7bb9cb89a90f03f9a87596235492a47d28e7c1493bfe1b7d4410436f3d8a77e1e3bd605e8abcba4c58d7e669f10ead7619c4742e7b0462599c2c2d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      00614a8467e6115a4efc0414f38d7466

      SHA1

      e0a43b61e75f8b9f33607e8a396f132f0d86e794

      SHA256

      7c8284f40aa1e86540b5ef9003eef9691e22dc2dbbe0ebe58b856ce67c441fe8

      SHA512

      6f910b19258a0d6626252c101915630971daa51e28833be12c84485103bcb6924a23eca5b025852261f620b4a5f197a158525deeb8c979edc41dac8b052de476

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      aa20519685e1af195075928232df5259

      SHA1

      7d3d9a3127c230986a3a5cc9e242e6d6dce61e5a

      SHA256

      d5b0adcd904a5b68b86bdda298b9057044ffc58ec97ef96a40c609231d501eb7

      SHA512

      781da4ab4febff906b502e55ef11fb7c30ffffdfa59db89c901fe87b08297e25458c3f86b141ef5eefdabc52c052c3b5035fbe52ca9300de88322b401be5c935

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab6220.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar62EE.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • memory/2140-2-0x000007FEF5780000-0x000007FEF616C000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/2140-1-0x000000013F400000-0x000000013F418000-memory.dmp

      Filesize

      96KB

      Download

    • memory/2140-0-0x000007FEF5783000-0x000007FEF5784000-memory.dmp

      Filesize

      4KB

      Download