Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    09/10/2024, 21:05

General

  • Target

    discord-rat-2024-main/setup.py

  • Size

    5KB

  • MD5

    aa1c7435eb18244053e604b0d3c7bf73

  • SHA1

    d7cc12a72b152ef9b0f7c6fdddfb0c8dc2ab3899

  • SHA256

    b28f3cf5fb4a8ab12f2837313d0840b98ea9cf4df5f2a3b75760985a3334dd2f

  • SHA512

    f4edcd646a37f041174f9b98f5e2615b717a4b6c38a695ec5386f2e22cd2c3c62d69124d8074383bbd07655a0feb7581e752a21160854751734982b27df8577d

  • SSDEEP

    96:mgSBte1FraCReM9bvID/N6rv48uIjczNNzbMEsvg29Ly0M:m9Bte1FraCRz8/NbPF29Ly0M

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\discord-rat-2024-main\setup.py
    • Modifies registry class
    PID:4080
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3680

Network

MITRE ATT&CK Enterprise v15
