Extracted

• • Target

    ad085243fcf91d0898c71f4210270e518bb33a408a2685528f4c6d4eb22b3bde

  • Size

    526KB

  • MD5

    92bb43f6f8a760822a4c9dba73e6b48c

  • SHA1

    e806fc23f2d36fef6ca27691958de54042d46115

  • SHA256

    ad085243fcf91d0898c71f4210270e518bb33a408a2685528f4c6d4eb22b3bde

  • SHA512

    e8bb117112702d37446e972373e89000d38c2e4ae60eb9cf6042de0b79f7b3f963327c0a4407e573ad02b87a23cd5244b167e2f655a5723ed9736221328f87d8

  • SSDEEP

    12288:byveQB/fTHIGaPkKEYzURNAwbAg8gXD8hJWvL957N:buDXTIGaPhEYzUzA0q+D8hJILx

  Score

  10^/10

  discordratpersistenceratrootkitstealer

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat

  • Discordrat family

    discordrat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Legitimate hosting services abused for malware hosting/C2

  behavioral1behavioral2