Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://cdn.discorda...

windows11-21h2-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    https://cdn.discordapp.com/attachments/1173804304495284314/1297356733630644335/bang_executor_1_7.zip?ex=6715a11d&is=67144f9d&hm=f8d6dbdecaf380f137ced42906c0ccc92d41cd70b45db6b25d4fbeb954334726&

  • Sample

    241020-awje3sycka

Score
10/10
discordratdefense_evasiondiscoveryevasionpersistenceransomwareratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTIwOTg2MTMwMjI4MTgzMDUxMA.Gmqajy._4CylftOq4LrZdENLJ2TSDf4hCqEAkBOhAXtEI

  • server_id

    1209860808411189308

Targets

    • Target

      https://cdn.discordapp.com/attachments/1173804304495284314/1297356733630644335/bang_executor_1_7.zip?ex=6715a11d&is=67144f9d&hm=f8d6dbdecaf380f137ced42906c0ccc92d41cd70b45db6b25d4fbeb954334726&

    Score
    10/10
    discordratdefense_evasiondiscoveryevasionpersistenceransomwareratrootkitstealer

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    • Discord RAT

      A RAT written in C# using Discord as a C2.

      stealerrootkitratpersistencediscordrat

    • Disables RegEdit via registry modification

      evasion

    • Disables Task Manager via registry modification

      evasion

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

      defense_evasion

    • Legitimate hosting services abused for malware hosting/C2

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks