Overview

overview

10

Static

static

10

Client-built.exe

windows10-2004-x64

10

Resubmissions

01-08-2024 23:08

240801-241g4swcpc 10

01-08-2024 13:26

240801-qprqwaxakh 10

Analysis

  • max time kernel
    59s
  • max time network
    43s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240730-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-08-2024 13:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Client-built.exe

  • Size

    78KB

  • MD5

    2c2a80b7bdf3fa8cb1407163c66b2184

  • SHA1

    5c1521787bb363b91510c6615ce387a81888dde2

  • SHA256

    ea5cc81ce53737a0d2d23c3cafb1414ea26c86368f301eed01fb00ddfec0ea1c

  • SHA512

    9271888b5ad1ddbc8394a34af1d2a2c9c3f6c7d762cd18717ac5c12e4a9e0dfa02c80eebed54dbc0e80290a7afcfa10a1cb847f382250f4ebb97b941915cd9b2

  • SSDEEP

    1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+DPIC:5Zv5PDwbjNrmAE+bIC

Score
10/10
discordratpersistenceratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTI2ODA5NDg2ODg0MDc3NTY4MQ.GMqsKG.fTOtFQtG4XIs5szmOaKluXcSYy6jMs-9mbxvoU

  • server_id

    1139953620696191017

Signatures

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat
  • Drops desktop.ini file(s) 1 IoCs
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 52 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of SetWindowsHookEx 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Client-built.exe
    "C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:5112
  • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\Desktop\UseTrace.xlsx"
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:4372
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x0 /state0:0xa3971855 /state1:0x41c64e6d
    1⤵
    • Drops desktop.ini file(s)
    • Modifies data under HKEY_USERS
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:2060

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Microsoft\Windows\SystemData\S-1-5-21-857544305-989156968-2929034274-1000\ReadOnly\LockScreen_O\LockScreen___1280_0720_notdimmed.jpg
    Filesize

    328KB

    MD5

    93b82b2fc619be4c6e31d9e2d84dc1ca

    SHA1

    eceedd96caa3d5a21da6d36e39a454a07624f4b3

    SHA256

    b592591eaa92a264c00b03dd40aefc474d3b40b680471681ef0bcfa6cbe50869

    SHA512

    8c3f801933c0f78cb1bd74635e8bc781c2579ac52bf570f031bf9c7b5ff18a8bc2572d1811953bb123c8aff8c0def438b94016589663875a974653ca0a984365

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
    Filesize

    383B

    MD5

    a0fd3a8e4e51e446199a5dbea74111ec

    SHA1

    076b1eb16cac0a5ca8212150a396e75d82664ca9

    SHA256

    5187a6c7abc1d5b699bfdd85a23272410595b110dd54bcee917d6d3447bac5f0

    SHA512

    af859c7c4a5fdac801f3efad62bdb862b4d62afc2724901edbb0338e17f92db9ea2cbe3408075ecc619b9c4f0a34afbdcbf5c139338f4ee6a5201a17ee2f6cee

    Download Submit

  • memory/4372-15-0x00007FFD2AB30000-0x00007FFD2AD25000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4372-56-0x00007FFCEABB0000-0x00007FFCEABC0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4372-59-0x00007FFD2AB30000-0x00007FFD2AD25000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4372-5-0x00007FFCEABB0000-0x00007FFCEABC0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4372-8-0x00007FFD2ABCD000-0x00007FFD2ABCE000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4372-7-0x00007FFCEABB0000-0x00007FFCEABC0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4372-18-0x00007FFCE82F0000-0x00007FFCE8300000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4372-6-0x00007FFCEABB0000-0x00007FFCEABC0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4372-10-0x00007FFCEABB0000-0x00007FFCEABC0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4372-11-0x00007FFD2AB30000-0x00007FFD2AD25000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4372-14-0x00007FFD2AB30000-0x00007FFD2AD25000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4372-13-0x00007FFD2AB30000-0x00007FFD2AD25000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4372-16-0x00007FFCE82F0000-0x00007FFCE8300000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4372-17-0x00007FFD2AB30000-0x00007FFD2AD25000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4372-12-0x00007FFD2AB30000-0x00007FFD2AD25000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4372-57-0x00007FFCEABB0000-0x00007FFCEABC0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4372-9-0x00007FFCEABB0000-0x00007FFCEABC0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4372-19-0x00007FFD2AB30000-0x00007FFD2AD25000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4372-20-0x00007FFD2AB30000-0x00007FFD2AD25000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4372-23-0x00007FFD2AB30000-0x00007FFD2AD25000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4372-22-0x00007FFD2AB30000-0x00007FFD2AD25000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4372-24-0x00007FFD2AB30000-0x00007FFD2AD25000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4372-25-0x00007FFD2AB30000-0x00007FFD2AD25000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4372-21-0x00007FFD2AB30000-0x00007FFD2AD25000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4372-58-0x00007FFCEABB0000-0x00007FFCEABC0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4372-55-0x00007FFCEABB0000-0x00007FFCEABC0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5112-42-0x00007FFD0C610000-0x00007FFD0D0D1000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/5112-2-0x000001BF31B50000-0x000001BF31D12000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/5112-3-0x00007FFD0C610000-0x00007FFD0D0D1000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/5112-0-0x00007FFD0C613000-0x00007FFD0C615000-memory.dmp

    Filesize

    8KB

    Download

  • memory/5112-4-0x000001BF32350000-0x000001BF32878000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/5112-1-0x000001BF17540000-0x000001BF17558000-memory.dmp

    Filesize

    96KB

    Download