Overview

overview

10

Static

static

1

Avast Prem...24.zip

windows10-1703-x64

10

Avast Prem...ty.zip

windows10-1703-x64

1

Password = 26525.txt

windows10-1703-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Avast Premium Security 2024.zip

  • Size

    6.9MB

  • Sample

    241005-kmythszere

  • MD5

    a9e34919dba3ee85f0ca706ca0855688

  • SHA1

    f0421be6133dedfaa6a8c39f8088d68059c3bae9

  • SHA256

    f11a8e261149a800afb26b58b4c6444044d114341e4aee89162e660301e25931

  • SHA512

    7ee11f73f5ef69032cfaf33d5bddf58403fc8036c9a32b920da69d0389b42ab6299d0f046933edb682319105400d8514dd41fab47c39a32e3965b7fc5ace2099

  • SSDEEP

    196608:MoBzIz68ro1mRGUyCSbxJPjId9gnZGLg7UmseIaPnW:580UM6ynPkduAE4mseI4W

Score
10/10
discordratbootkitdiscoverypersistencepyinstallerratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTI5MjAzODMzMzg2MTU5MzE1OA.G5sZNP.gCLJmcjtZebekrSqtPvZ5vRbVRiD5QcS6QhRx0

  • server_id

    1292036314178256939

Targets

    • Target

      Avast Premium Security 2024.zip

    • Size

      6.9MB

    • MD5

      a9e34919dba3ee85f0ca706ca0855688

    • SHA1

      f0421be6133dedfaa6a8c39f8088d68059c3bae9

    • SHA256

      f11a8e261149a800afb26b58b4c6444044d114341e4aee89162e660301e25931

    • SHA512

      7ee11f73f5ef69032cfaf33d5bddf58403fc8036c9a32b920da69d0389b42ab6299d0f046933edb682319105400d8514dd41fab47c39a32e3965b7fc5ace2099

    • SSDEEP

      196608:MoBzIz68ro1mRGUyCSbxJPjId9gnZGLg7UmseIaPnW:580UM6ynPkduAE4mseI4W

    Score
    10/10
    discordratbootkitdiscoverypersistencepyinstallerratrootkitstealer

    • Discord RAT

      A RAT written in C# using Discord as a C2.

      stealerrootkitratpersistencediscordrat

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks for any installed AV software in registry

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1

    • Target

      Avast Premium Security.zip

    • Size

      6.9MB

    • MD5

      3fb15f8540e7a714d18a28830ad32861

    • SHA1

      f2bb4a14ee1a0cc9fdecc52e635522efe44f0ec4

    • SHA256

      c2de7bb7a958193c79166c33e8f5fefe4313106611b0a73ce4b459b7d1a2d479

    • SHA512

      15e073f6e97215a9e527dd237f568b5041d8e4e2c918dadc1f22847b0e8647729bcb0ba7d14410886468d8829a83c77aba75d4a042abf49e9f2ab0201061f353

    • SSDEEP

      196608:XoBzIz68ro1mRGUyCSbxJPjId9gnZGLg7UmseIaPnK:o80UM6ynPkduAE4mseI4K

    Score
    1/10
    behavioral2

    • Target

      Password = 26525.txt

    • Size

      8KB

    • MD5

      a09e13c0f35c3d03515dc7ef790ff65e

    • SHA1

      fda3f5612b55a0d4c53f553297e6e5725b379048

    • SHA256

      a05128752f580137b0b936aaad2c8ea14395643bfd030ca44f996c61a19e6ce4

    • SHA512

      bed10da92a8bfa07b90e523d33d2f67e842b452d84c80d5d9e263ffc1b160a9c73d10f43291ced05447b569934b7d97652eefe221da513899aa1eb507bec3b42

    • SSDEEP

      48:mzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzO:/

    Score
    1/10
    behavioral3

MITRE ATT&CK Enterprise v15

Tasks