Overview

overview

10

Static

static

3

clean‮gnp.exe

windows7-x64

10

clean‮gnp.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    clean‮gnp.exe

  • Size

    618KB

  • Sample

    241009-28wpqawgkj

  • MD5

    8b948933b21a7dd25cc33d9f6b3447c3

  • SHA1

    0a8d15db88452a429b56f17e238ddce2a21b3f43

  • SHA256

    77e7b02a53f97e11d03a6940fcc19a88ba209fc8b68808e2fe3c0af1ccf420b7

  • SHA512

    7365e471018ea79830ce390bdb9be0fd35db7e70177b7cad7f9405986a748637ea91c11c2f32f252aa4ec1d884c611afdce00b800adc53252a4ec94bb6d53c61

  • SSDEEP

    12288:nyveQB/fTHIGaPkKEYzURNAwbAg8Poc1Z8ussuYt7We8TFenrLSV0JsvC:nuDXTIGaPhEYzUzA0qwcuU8xenrV

Score
10/10
discordratpersistenceratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTI5MzcwODM2NDc0ODE2MTAyNA.G0Wnp_.qVTNSpK-sScLmXdgwlSHCOmqRogcTbVxef1qu4

  • server_id

    1293707853391204382

Targets

    • Target

      clean‮gnp.exe

    • Size

      618KB

    • MD5

      8b948933b21a7dd25cc33d9f6b3447c3

    • SHA1

      0a8d15db88452a429b56f17e238ddce2a21b3f43

    • SHA256

      77e7b02a53f97e11d03a6940fcc19a88ba209fc8b68808e2fe3c0af1ccf420b7

    • SHA512

      7365e471018ea79830ce390bdb9be0fd35db7e70177b7cad7f9405986a748637ea91c11c2f32f252aa4ec1d884c611afdce00b800adc53252a4ec94bb6d53c61

    • SSDEEP

      12288:nyveQB/fTHIGaPkKEYzURNAwbAg8Poc1Z8ussuYt7We8TFenrLSV0JsvC:nuDXTIGaPhEYzUzA0qwcuU8xenrV

    Score
    10/10
    discordratpersistenceratrootkitstealer

    • Discord RAT

      A RAT written in C# using Discord as a C2.

      stealerrootkitratpersistencediscordrat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks