Extracted

• • Target

    Update Check.exe

  • Size

    4.2MB

  • MD5

    d53d1f00ed58f99f59822c2d2d544010

  • SHA1

    0b7044e63ad051185cdfac92e23ce85af8faa9c8

  • SHA256

    58638ff7af545a8ddf3d05ec44b916de2f6e5e3a3d9ed1d9ac95c43737b3d974

  • SHA512

    4fe5428921a60bd4fdb5f91a4a0e35d6656f14071a2841a254523e04608cc89b79662b538e5f34aa157540fd87efd98a34be8bf662e2f5ed94abd85fc3f3b9e8

  • SSDEEP

    98304:SelujKJAy3ppt06bZmCOHDujxBJSjMgL3+ylLGEeU4uz1P9zz9Izjhed:SZ1yZpt06NmPjuBYAAOylLGEeRy9zz9r

  Score

  10^/10

  discordratevasionpersistenceratrootkitstealerthemidatrojan

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Themida packer

    Detects Themida, an advanced Windows software protection system.

    themida

  • Checks whether UAC is enabled

    evasiontrojan

  • Legitimate hosting services abused for malware hosting/C2

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2