Overview

overview

10

Static

static

3

1601071004...ie.exe

windows7-x64

10

1601071004...ie.exe

windows10-2004-x64

10

Resubmissions

06-08-2024 06:43

240806-hgyv8awdqa 3

06-08-2024 06:40

240806-hfg63ssbpq 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    BoneMeal Macro Mod.zip

  • Size

    890KB

  • Sample

    240806-hfg63ssbpq

  • MD5

    02e21073a973a04d482312d38b0b9d71

  • SHA1

    af1947720bf3f4dbd534740acaa3241d3d8274fe

  • SHA256

    d0f357f16f8365b3b8b89bfbfdd6f43a4aa481c35effed319f6dc7ce4cf71258

  • SHA512

    2e33177d2c9f2be76c1855a70c9e096b2a7a8eb2acbfc95b3f4394e1212f0eea64ca6600d31fcd3b3fc013a9fdc09dbf28b6c3ed6b8715f4ad88ae159da5d96f

  • SSDEEP

    12288:/xtl1tHzqZTlBQ06ZdlFoKsvhYnFJpbdOwJTO93BVVVE2lK2am/grN8K5yuMOB/O:55t+ZTl368KCh21xO9g2DQNilGq831Ru

Score
10/10
discordratdiscoverypersistenceratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTIwNTMzOTUzNjEwMDY5NjA3NA.GE6gMg.mfWLL6-p2ZTIG_q9R9EM57japDdbe-TVG83A5E

  • server_id

    1205339412481704017

Targets

    • Target

      160107100400-monkey-selfie.exe

    • Size

      1.2MB

    • MD5

      a4880b8dead5dd953df4c7e3f1afef44

    • SHA1

      e9a098cf38d19999153b7a13e13dce9d80ba311f

    • SHA256

      f22d8d5aac00f66414ca8b74b0c023f8adbef57698e9b64532d6fdaa1b41693b

    • SHA512

      6b46d687b2a96c36580a5993cb1585a77f61cc42da459aef8665220b2c77f5e9934bb659c1bd909e36cbcb7e4399904a09fe2819e2ed9da068fd99286eca0177

    • SSDEEP

      24576:YuDXTIGaPhEYzUzA0L/bfvbdlgNM2FsNCPq0MH9KI:XDjlabwz9rgOtLoI

    Score
    10/10
    discordratdiscoverypersistenceratrootkitstealer

    • Discord RAT

      A RAT written in C# using Discord as a C2.

      stealerrootkitratpersistencediscordrat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks