discordrat | 7579c4ce51e780841d1a2dd2c83e3dde93441a84a488316dbd19d1e3a0cf03c4

Resubmissions

07-10-2024 05:41

241007-gdw2sayeqn 10

06-10-2024 04:26

241006-e2w1ksselq 10

02-10-2024 13:22

241002-ql9saaxhmr 10

Sharing

Copy URL

Twitter E-mail

General

Target

ggsploit.zip
Size

309KB
Sample

241006-e2w1ksselq
MD5

37370dccbd95f63e49593a17cb3929aa
SHA1

1a4d8f94634753440fb570eb20e259f57cbb7308
SHA256

7579c4ce51e780841d1a2dd2c83e3dde93441a84a488316dbd19d1e3a0cf03c4
SHA512

6e7b231237a70f6c57e4135b2be32432c83ac74b1de5de77c2b85f806c0060889a99b9cda8cd32c374a02a092ea77af143feed21614644eea8548c4ac817f01c
SSDEEP

6144:gIw5OkChoEFViKBpHL2tJMDBvOSuC+ULfkZ4bbrOK2sVW5KquT2ofj:gXs4GprSGVuChL8c/OK2sVW5vU

Score

10^/10

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI5MDc3NzUxNTM1NDIyNjY5OQ.GRewL1.rZmEWtyFw1xziPUaWh2BVUvRwh05H7FaxQvvbM
server_id
1290772191046139915

Extracted

Family

remcos

Version

5.1.3 Light

Botnet

ggsploit V1.2.2

127.0.0.1:4444

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-IY8ZNV
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  ggsploit.zip
- Size
  
  309KB
- MD5
  
  37370dccbd95f63e49593a17cb3929aa
- SHA1
  
  1a4d8f94634753440fb570eb20e259f57cbb7308
- SHA256
  
  7579c4ce51e780841d1a2dd2c83e3dde93441a84a488316dbd19d1e3a0cf03c4
- SHA512
  
  6e7b231237a70f6c57e4135b2be32432c83ac74b1de5de77c2b85f806c0060889a99b9cda8cd32c374a02a092ea77af143feed21614644eea8548c4ac817f01c
- SSDEEP
  
  6144:gIw5OkChoEFViKBpHL2tJMDBvOSuC+ULfkZ4bbrOK2sVW5KquT2ofj:gXs4GprSGVuChL8c/OK2sVW5vU
Score

1^/10
behavioral1 behavioral2
- Target
  
  ggsploit V1.2.4.exe
- Size
  
  78KB
- MD5
  
  63f4d849f06b2d5299132c7a49d9951d
- SHA1
  
  39d400642e22b0b13044a92c52895d879b7130d1
- SHA256
  
  ce1fcacce7353155439f4064d90b2c6996be833666a6fc8cb58fcc9874aaa204
- SHA512
  
  63f2ac4eda24973c3a003d30c93debe132be8f357fb1089f5169bd4ef54a0bef7c1794be8f83f4c60f0eb34df797c909f05e692987bd4c7682270d558f69375e
- SSDEEP
  
  1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+LPIC:5Zv5PDwbjNrmAE+jIC
Score

10^/10

discordrat discovery persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
behavioral3 behavioral4
- Target
  
  logo.jpeg
- Size
  
  5KB
- MD5
  
  a2f105b718afaa4fc57c313e87a3f2c8
- SHA1
  
  2f3ff5f9632d37bb11f7a36e90c8c5ef126937f1
- SHA256
  
  3307b3d05c139f6b82fd654f9fa71752967b67cf081ba9c7ac3fbba4bdd915a3
- SHA512
  
  e4c87157644b73f4dcdf753c6d40fad496b71fa5636de396cffbe19bceee7856a4f63bf4d5f6d480525fb70136c9c664c10b0c85774d82e21625efac7f2c5d41
- SSDEEP
  
  96:Xtv6EZxaoE4OWfxhRjcBRkyQRxdS7afU4pvGgenkPN1mEFnsB8:564xm4Dfx/ARkygNTpO9kPN1mD8
Score

3^/10
behavioral5 behavioral6
- Target
  
  logo2.png
- Size
  
  50KB
- MD5
  
  78c9197ff1e51a20cbecf8aee2e0e385
- SHA1
  
  073eefb8bafa423df05a85c7409d3b05760a00ca
- SHA256
  
  ba948d56a9fb17a09a1a293c4dfa51753078c02a54de7658b2012c4503d34f48
- SHA512
  
  87f965c5ab629a71052c2ba99d386fe61258b0acdfebe171b3c7a9028d0fa0d6f3c929c38e380c448220b217ebb9f7b9afb7b543f36eb7606b87185c54edba98
- SSDEEP
  
  1536:nrRzWbogKQSsDF8+f4B341Fkr/XRnVdXfuBY:VK/KQxF8o4B3rpnVdX2C
Score

3^/10
behavioral7 behavioral8
- Target
  
  unins000.exe
- Size
  
  430KB
- MD5
  
  f07c34de89f91cdf9379f051a1135c7c
- SHA1
  
  a161b99283640266188c3b66b864555d0f91a5f3
- SHA256
  
  69a5b8d0c2b1f72db5f4afdb29926b1d919225f46c2b6f3022a556ac136c3a6e
- SHA512
  
  ab83d283974c59ac2c3aced51a536f41b253b62272a11bb1782f3a47beda800f1230b8d376d8366d72db75cb37482cf9aef6a4fa7e4acd18fe445f4e1cfc9064
- SSDEEP
  
  6144:svRscHtVzjwIRFzJZ2p26+jFWXYnj9iT2ebvXmUcCqkmAO2rjXH7ycDt3:svRs4OIm2hWX4U2ebvRUAr7773
Score

3^/10

discovery
behavioral10 behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Extracted

Targets

Discord RAT

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10