Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

Cheats men...te.exe

windows11-21h2-x64

10

Analysis

  • max time kernel
    425s
  • max time network
    1152s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    26/10/2024, 17:26 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Cheats menu for fortnite.exe

  • Size

    78KB

  • MD5

    7632b9a1ef8d1a2b90034c1989933a58

  • SHA1

    a4ae9ea3b20ad6a8076098024c16cf09c685617d

  • SHA256

    812863156555149ccbf6760f517ad579767cb63a500d303674249c7f6ed432b2

  • SHA512

    13794fb812009774029a0791205ef7051702f86a91bee93928ec67680024a40919e83af1427e678d4c92a59263afdc6ad679e379b2b5d86f93f876a9be866e17

  • SSDEEP

    1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+EPIC:5Zv5PDwbjNrmAE+YIC

Score
10/10
discordratpersistenceratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTI5OTU0MTkzODU1MDA3OTUxOQ.Gvl4gU.7Q7wHcMNYjKHO68jzzoW82f8cEH9pdp_UfcuOE

  • server_id

    1299543473954754560

Signatures

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat
  • Discordrat family
    discordrat
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Cheats menu for fortnite.exe
    "C:\Users\Admin\AppData\Local\Temp\Cheats menu for fortnite.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4332

Network

  • flag-us
    DNS
    gateway.discord.gg
    Cheats menu for fortnite.exe
    Remote address:
    8.8.8.8:53
    Request
    gateway.discord.gg
    IN A
    Response
    gateway.discord.gg
    IN A
    162.159.135.234
    gateway.discord.gg
    IN A
    162.159.136.234
    gateway.discord.gg
    IN A
    162.159.134.234
    gateway.discord.gg
    IN A
    162.159.133.234
    gateway.discord.gg
    IN A
    162.159.130.234
  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Cheats menu for fortnite.exe
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
    Response
    8.8.8.8.in-addr.arpa
    IN PTR
    dnsgoogle
  • flag-us
    DNS
    discord.com
    Cheats menu for fortnite.exe
    Remote address:
    8.8.8.8:53
    Request
    discord.com
    IN A
    Response
    discord.com
    IN A
    162.159.135.232
    discord.com
    IN A
    162.159.136.232
    discord.com
    IN A
    162.159.128.233
    discord.com
    IN A
    162.159.138.232
    discord.com
    IN A
    162.159.137.232
  • flag-us
    DNS
    234.135.159.162.in-addr.arpa
    Cheats menu for fortnite.exe
    Remote address:
    8.8.8.8:53
    Request
    234.135.159.162.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    geolocation-db.com
    Cheats menu for fortnite.exe
    Remote address:
    8.8.8.8:53
    Request
    geolocation-db.com
    IN A
    Response
    geolocation-db.com
    IN A
    159.89.102.253
  • flag-us
    DNS
    raw.githubusercontent.com
    Cheats menu for fortnite.exe
    Remote address:
    8.8.8.8:53
    Request
    raw.githubusercontent.com
    IN A
    Response
    raw.githubusercontent.com
    IN A
    185.199.110.133
    raw.githubusercontent.com
    IN A
    185.199.109.133
    raw.githubusercontent.com
    IN A
    185.199.108.133
    raw.githubusercontent.com
    IN A
    185.199.111.133
  • flag-us
    DNS
    nexusrules.officeapps.live.com
    Cheats menu for fortnite.exe
    Remote address:
    8.8.8.8:53
    Request
    nexusrules.officeapps.live.com
    IN A
    Response
    nexusrules.officeapps.live.com
    IN CNAME
    prod.nexusrules.live.com.akadns.net
    prod.nexusrules.live.com.akadns.net
    IN A
    52.111.229.19
  • flag-us
    DNS
    self.events.data.microsoft.com
    Cheats menu for fortnite.exe
    Remote address:
    8.8.8.8:53
    Request
    self.events.data.microsoft.com
    IN A
    Response
    self.events.data.microsoft.com
    IN CNAME
    self-events-data.trafficmanager.net
    self-events-data.trafficmanager.net
    IN CNAME
    onedscolprdweu10.westeurope.cloudapp.azure.com
    onedscolprdweu10.westeurope.cloudapp.azure.com
    IN A
    20.50.201.204
  • flag-us
    DNS
    self.events.data.microsoft.com
    Cheats menu for fortnite.exe
    Remote address:
    8.8.8.8:53
    Request
    self.events.data.microsoft.com
    IN A
  • flag-us
    DNS
    232.135.159.162.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    232.135.159.162.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    253.102.89.159.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    253.102.89.159.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    133.110.199.185.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    133.110.199.185.in-addr.arpa
    IN PTR
    Response
    133.110.199.185.in-addr.arpa
    IN PTR
    cdn-185-199-110-133githubcom
  • flag-us
    DNS
    19.229.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    19.229.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    204.201.50.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    204.201.50.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    ctldl.windowsupdate.com
    Remote address:
    8.8.8.8:53
    Request
    ctldl.windowsupdate.com
    IN A
    Response
    ctldl.windowsupdate.com
    IN CNAME
    ctldl.windowsupdate.com.delivery.microsoft.com
    ctldl.windowsupdate.com.delivery.microsoft.com
    IN CNAME
    wu-b-net.trafficmanager.net
    wu-b-net.trafficmanager.net
    IN CNAME
    bg.microsoft.map.fastly.net
    bg.microsoft.map.fastly.net
    IN A
    199.232.210.172
    bg.microsoft.map.fastly.net
    IN A
    199.232.214.172
  • flag-us
    DNS
    ocsp.digicert.com
    Remote address:
    8.8.8.8:53
    Request
    ocsp.digicert.com
    IN A
    Response
    ocsp.digicert.com
    IN CNAME
    ocsp.edge.digicert.com
    ocsp.edge.digicert.com
    IN CNAME
    fp2e7a.wpc.2be4.phicdn.net
    fp2e7a.wpc.2be4.phicdn.net
    IN CNAME
    fp2e7a.wpc.phicdn.net
    fp2e7a.wpc.phicdn.net
    IN A
    192.229.221.95
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
  • flag-de
    GET
    https://geolocation-db.com/json
    Cheats menu for fortnite.exe
    Remote address:
    159.89.102.253:443
    Request
    GET /json HTTP/1.1
    Host: geolocation-db.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Server: nginx/1.14.0 (Ubuntu)
    Date: Sat, 26 Oct 2024 17:29:19 GMT
    Content-Type: text/html
    Content-Length: 194
    Location: https://geolocation-db.com/json/
    Connection: keep-alive
  • flag-de
    GET
    https://geolocation-db.com/json/
    Cheats menu for fortnite.exe
    Remote address:
    159.89.102.253:443
    Request
    GET /json/ HTTP/1.1
    Host: geolocation-db.com
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.14.0 (Ubuntu)
    Date: Sat, 26 Oct 2024 17:29:19 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Access-Control-Allow-Origin: *
  • flag-us
    DNS
    172.210.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.210.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    ctldl.windowsupdate.com
    Remote address:
    8.8.8.8:53
    Request
    ctldl.windowsupdate.com
    IN A
    Response
    ctldl.windowsupdate.com
    IN CNAME
    ctldl.windowsupdate.com.delivery.microsoft.com
    ctldl.windowsupdate.com.delivery.microsoft.com
    IN CNAME
    wu-b-net.trafficmanager.net
    wu-b-net.trafficmanager.net
    IN CNAME
    bg.microsoft.map.fastly.net
    bg.microsoft.map.fastly.net
    IN A
    199.232.210.172
    bg.microsoft.map.fastly.net
    IN A
    199.232.214.172
  • 162.159.135.234:443
    gateway.discord.gg
    tls
    Cheats menu for fortnite.exe
    3.4kB
     46.9kB
     56
    65
  • 162.159.135.232:443
    discord.com
    tls
    Cheats menu for fortnite.exe
    1.2kB
     5.8kB
     10
    12
  • 159.89.102.253:443
    https://geolocation-db.com/json/
    tls, http
    Cheats menu for fortnite.exe
    987 B
     4.5kB
     10
    10

    HTTP Request

    GET https://geolocation-db.com/json

    HTTP Response

    301

    HTTP Request

    GET https://geolocation-db.com/json/

    HTTP Response

    200
  • 162.159.135.232:443
    discord.com
    tls
    Cheats menu for fortnite.exe
    1.4kB
     3.5kB
     9
    10
  • 185.199.110.133:443
    raw.githubusercontent.com
    tls
    Cheats menu for fortnite.exe
    1.5kB
     46.8kB
     22
    37
  • 162.159.135.232:443
    discord.com
    tls
    Cheats menu for fortnite.exe
    1.3kB
     3.4kB
     8
    9
  • 162.159.135.232:443
    discord.com
    tls
    Cheats menu for fortnite.exe
    1.4kB
     3.5kB
     9
    10
  • 162.159.135.232:443
    discord.com
    tls
    Cheats menu for fortnite.exe
    441.6kB
     8.7kB
     327
    122
  • 162.159.135.232:443
    discord.com
    tls
    Cheats menu for fortnite.exe
    1.4kB
     3.5kB
     9
    11
  • 8.8.8.8:53
    gateway.discord.gg
    dns
    Cheats menu for fortnite.exe
    624 B
     1.1kB
     9
    8

    DNS Request

    gateway.discord.gg

    DNS Response

    162.159.135.234
    162.159.136.234
    162.159.134.234
    162.159.133.234
    162.159.130.234

    DNS Request

    8.8.8.8.in-addr.arpa

    DNS Request

    discord.com

    DNS Response

    162.159.135.232
    162.159.136.232
    162.159.128.233
    162.159.138.232
    162.159.137.232

    DNS Request

    234.135.159.162.in-addr.arpa

    DNS Request

    geolocation-db.com

    DNS Response

    159.89.102.253

    DNS Request

    raw.githubusercontent.com

    DNS Response

    185.199.110.133
    185.199.109.133
    185.199.108.133
    185.199.111.133

    DNS Request

    nexusrules.officeapps.live.com

    DNS Response

    52.111.229.19

    DNS Request

    self.events.data.microsoft.com

    DNS Request

    self.events.data.microsoft.com

    DNS Response

    20.50.201.204

  • 8.8.8.8:53
    232.135.159.162.in-addr.arpa
    dns
    643 B
     1.3kB
     9
    8

    DNS Request

    232.135.159.162.in-addr.arpa

    DNS Request

    253.102.89.159.in-addr.arpa

    DNS Request

    133.110.199.185.in-addr.arpa

    DNS Request

    19.229.111.52.in-addr.arpa

    DNS Request

    204.201.50.20.in-addr.arpa

    DNS Request

    ctldl.windowsupdate.com

    DNS Response

    199.232.210.172
    199.232.214.172

    DNS Request

    ocsp.digicert.com

    DNS Response

    192.229.221.95

    DNS Request

    95.221.229.192.in-addr.arpa

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    172.210.232.199.in-addr.arpa
    dns
    143 B
     365 B
     2
    2

    DNS Request

    172.210.232.199.in-addr.arpa

    DNS Request

    ctldl.windowsupdate.com

    DNS Response

    199.232.210.172
    199.232.214.172

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4332-0-0x00007FFA50573000-0x00007FFA50575000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4332-1-0x000001848CD90000-0x000001848CDA8000-memory.dmp

    Filesize

    96KB

    Download

  • memory/4332-2-0x00000184A7360000-0x00000184A7522000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/4332-3-0x00007FFA50570000-0x00007FFA51032000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4332-4-0x00000184A8630000-0x00000184A8B58000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/4332-5-0x00007FFA50570000-0x00007FFA51032000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4332-6-0x000001848EC80000-0x000001848EC8E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/4332-8-0x00007FFA50570000-0x00007FFA51032000-memory.dmp

    Filesize

    10.8MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.