Overview

overview

10

Static

static

3

fc17594457...7f.exe

windows7-x64

10

fc17594457...7f.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fc1759445792652340cdf648f637d7b5000b913c1ee2eb05ac2837ae15aed57f

  • Size

    805KB

  • Sample

    241011-evx93avdjb

  • MD5

    1e4a9746b0ffb6eb4df73f6d524f09be

  • SHA1

    be1127a1fa6b2f758c0ec68d5ef25b3db2ce0446

  • SHA256

    fc1759445792652340cdf648f637d7b5000b913c1ee2eb05ac2837ae15aed57f

  • SHA512

    28f7b203691334e260b458f16b982caf69b5196773e1a889baacbea36a065773a5334688507d67d8db647bed5bb911f8a6b85e368e73e438d05b9d5dfdcc638a

  • SSDEEP

    12288:nLMEalqxXblqoRX5qbfphLxaOwwqiX6WWvf8GveIujO7s:LqaXNabfphLxaU1qWafiIot

Score
10/10
discordratpersistenceratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTI5MzAxNDU0MjAwMzA3NzE5Mw.GUx5sJ.WCIjRKvDviF83VGQ_82BvMjbWVWWLpPc9yATx8

  • server_id

    1081245691520761917

Targets

    • Target

      fc1759445792652340cdf648f637d7b5000b913c1ee2eb05ac2837ae15aed57f

    • Size

      805KB

    • MD5

      1e4a9746b0ffb6eb4df73f6d524f09be

    • SHA1

      be1127a1fa6b2f758c0ec68d5ef25b3db2ce0446

    • SHA256

      fc1759445792652340cdf648f637d7b5000b913c1ee2eb05ac2837ae15aed57f

    • SHA512

      28f7b203691334e260b458f16b982caf69b5196773e1a889baacbea36a065773a5334688507d67d8db647bed5bb911f8a6b85e368e73e438d05b9d5dfdcc638a

    • SSDEEP

      12288:nLMEalqxXblqoRX5qbfphLxaOwwqiX6WWvf8GveIujO7s:LqaXNabfphLxaU1qWafiIot

    Score
    10/10
    discordratpersistenceratrootkitstealer

    • Discord RAT

      A RAT written in C# using Discord as a C2.

      stealerrootkitratpersistencediscordrat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks