discordrat | svchost[.]zip | Triage

Resubmissions

14-09-2024 15:17

240914-sn8n4s1crh 10

14-09-2024 14:48

240914-r6jx2ayhnm 10

Sharing

General

Target

svchost.zip
Size

27KB
MD5

8073e2b35e254b3a2f12b25dff9fe480
SHA1

13779d36e76a5509be02ad9da1e596b53a4e9682
SHA256

6f2ef5858f6531a0ed339ab46ddc3561b7c0480d788972d7264c90fb474fe716
SHA512

a955b84caf6b7e61eef9d3c1c972c5c18d26539f6007e601953734616dfb8e5d3f49472cc99b31cda1d401a2ace71ef9ed620117695280783e6099d8c3eaefd1
SSDEEP

768:6gZMqAosIQkA9NEoCjmVGCbH2eNbCT3BHtykn9tpWAnjYiatksh34FvuUpj:B95YCjk1WeNbCTBHgk9tESva6ccvj

Score

10^/10

discordrat

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTIxNDI4ODU0MzM2NzgyMzQ2MA.GV0m0h.MteSthu-bNQUCOFRF7SKbN-Ev4LrwJ5c9GvsKo
server_id
1214286153285378130

Signatures

Discordrat family
discordrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/svchost.exe

Files

svchost.zip
.zip
svchost.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ