General

  • Target

    AllizSpoofer.exe

  • Size

    78KB

  • Sample

    240920-pbe99awcjn

  • MD5

    fce4de2c4e5a0138fc162ce7e73ffdc2

  • SHA1

    732fcd5f024aa5752b2ef3d8f6ddf0f40e93c714

  • SHA256

    43409f8adcbaae22211ffac1ae7075fd02b8e31e6a045fc5ef33c61e8f80d5f3

  • SHA512

    22be75bed543e2541f37890541eb0e8a2ad526c1c5f1dd7c930a13857f23804dbdf4339772a17d5d40e4b8c24f9b6c5df2ecc3587f8f65b58dc8eff4d09ea406

  • SSDEEP

    1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+2PIC:5Zv5PDwbjNrmAE+yIC

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTI4NjYzMjk0Njg1NzY3MjcwNA.GRnd3c.uBOFgmowGMuT8g9W0s-CmrMTXr5VDVgIZ5biXM

  • server_id

    1286626810435731498

Targets

    • Target

      AllizSpoofer.exe

    • Discord RAT

      A RAT written in C# using Discord as a C2.

    • Downloads MZ/PE file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Legitimate hosting services abused for malware hosting/C2
