Resubmissions
29-09-2024 20:34
240929-zcm2latanb 10
General
-
Target
1.exe
-
Size
7.7MB
-
Sample
240929-zcm2latanb
-
MD5
aae615342536753130bd1d5e8237e9fb
-
SHA1
7d2daea635dff89972006b162be6dd2be1f18b71
-
SHA256
2f61631dd0ba599bb8c49d131667acdb9b5732ccacc36f1e2daa430d676a493c
-
SHA512
385f1ae3616dd3074d7beb930269b134a07f1b4593b84edd993dd7f7ad7a30ef54630a87bc3db872ed431e473fe8b37587d439742d747a51e1900d7828f34099
-
SSDEEP
196608:je0YCAeNTfm/pf+xk4dfrl7RptrbWOjgrG:Asy/pWu4NpRptrbvMrG
Behavioral task
behavioral1
Sample
1.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
discordrat
-
discord_token
MTI4OTU5MTU3OTc0NDY2NTYwMQ.G59gK6.pTTAFMCAOLdVTFHpDhN9HLghhBJ8ROJ9r3Sw6Q
-
server_id
1289604307905413142
Targets
-
-
Target
1.exe
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Enumerates processes with tasklist
-