Overview

overview

10

Static

static

3

14ab1780c8...27.exe

windows7-x64

10

14ab1780c8...27.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    14ab1780c89dd769a95c964cc6bf152514034a2ffc55a4305ff5e71719b75c27

  • Size

    761KB

  • Sample

    241011-16n2es1gnj

  • MD5

    71f5e9237f4f6d09e58095147d2bfeb8

  • SHA1

    82059dd096fd1626fdd3dcd154e7cf3c0afffb52

  • SHA256

    14ab1780c89dd769a95c964cc6bf152514034a2ffc55a4305ff5e71719b75c27

  • SHA512

    03bda8b5316460c1c273719935968cd57a20a25ba7b80767da16210625fba656451bfc35c58908af5b48c7abbb49a97315a5e64c17b69002d34a0ef3f58c93a3

  • SSDEEP

    12288:fzxzTDWikLSb4NS7H+7HX/OQvz/ZTKCbgA0IyuXX:dDWHSb4Nn7POsz/ZT5gFIycX

Score
10/10
discordratdiscoverypersistenceratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTIwNDYyNDM2OTY0OTg1MjUxOA.Gyboi1.3R0hC9ZYxTw5CzGRoFtSRbIV3eEcPNOM7wQf0E

  • server_id

    1204622844772753458

Targets

    • Target

      14ab1780c89dd769a95c964cc6bf152514034a2ffc55a4305ff5e71719b75c27

    • Size

      761KB

    • MD5

      71f5e9237f4f6d09e58095147d2bfeb8

    • SHA1

      82059dd096fd1626fdd3dcd154e7cf3c0afffb52

    • SHA256

      14ab1780c89dd769a95c964cc6bf152514034a2ffc55a4305ff5e71719b75c27

    • SHA512

      03bda8b5316460c1c273719935968cd57a20a25ba7b80767da16210625fba656451bfc35c58908af5b48c7abbb49a97315a5e64c17b69002d34a0ef3f58c93a3

    • SSDEEP

      12288:fzxzTDWikLSb4NS7H+7HX/OQvz/ZTKCbgA0IyuXX:dDWHSb4Nn7POsz/ZT5gFIycX

    Score
    10/10
    discordratdiscoverypersistenceratrootkitstealer

    • Discord RAT

      A RAT written in C# using Discord as a C2.

      stealerrootkitratpersistencediscordrat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks