Overview

overview

10

Static

static

10

ExtismaInstaller.exe

windows7-x64

10

ExtismaInstaller.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    122s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    14/08/2024, 08:53

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    ExtismaInstaller.exe

  • Size

    78KB

  • MD5

    dbded7a1d0e624461adf194b7b3c2a2a

  • SHA1

    4cd20d491ca4557df164f3a55250f672d0ee741c

  • SHA256

    0ad223fb8ac6cccf0a175be22dd1c23dc0677ee68ffea54748c65666d61fb83e

  • SHA512

    8817548fa3e1f974f192959b11dea44a3bcd1f3854314f16595ad25ccea2a218aa11bd1cac18d7853be075262a52dbcfdedeb79ba4af2eacc9e71d65b024e3f3

  • SSDEEP

    1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+8PIC:5Zv5PDwbjNrmAE+wIC

Score
10/10
discordratpersistenceratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTI3MzE1OTY4MjQyMDM3NTU1Mw.Gn3rjn.16uSgw1poh99hESbArS2eps1smo2rBYVkfWJ0g

  • server_id

    1273160414523293738

Signatures

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ExtismaInstaller.exe
    "C:\Users\Admin\AppData\Local\Temp\ExtismaInstaller.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1964
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 1964 -s 600
      2⤵
        PID:2076

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1964-0-0x000007FEF5793000-0x000007FEF5794000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1964-1-0x000000013F910000-0x000000013F928000-memory.dmp

      Filesize

      96KB

      Download

    • memory/1964-2-0x000007FEF5790000-0x000007FEF617C000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/1964-3-0x000007FEF5793000-0x000007FEF5794000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1964-4-0x000007FEF5790000-0x000007FEF617C000-memory.dmp

      Filesize

      9.9MB

      Download