Extracted

• • Target

    Client-built.exe

  • Size

    78KB

  • MD5

    e7619dea03aabbb3b878797dade39f74

  • SHA1

    f33fa0a714510ee2e51f62e2b6e2b4167cdf2f09

  • SHA256

    35aab316cd44d29aa09a4b470cb6e645b3a23c33ca1f2b3861ba2c9fa78e309f

  • SHA512

    f8c846b05b3c19beaaa1aefde43bcd0d5baa19e63dccaeaa1851c6b9b2da631cbd537116750122197a872e0be34b8bf2ec5cb8c22dd9592ea37b056c3d0dc44b

  • SSDEEP

    1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+cPIC:5Zv5PDwbjNrmAE+QIC

  Score

  10^/10

  discordratdefense_evasiondiscoveryevasionpersistenceprivilege_escalationransomwareratrootkitspywarestealer

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Disables Task Manager via registry modification

    evasion

  • Modifies Windows Firewall

    evasion

  • Indicator Removal: Clear Windows Event Logs

    Clear Windows Event Logs to hide the activity of an intrusion.

    defense_evasion

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Legitimate hosting services abused for malware hosting/C2

  • Drops file in System32 directory

  • Sets desktop wallpaper using registry

    ransomware

  • Suspicious use of SetThreadContext

  behavioral1