discordrat | ZoraraUI[.]exe | Triage

Sharing

General

Target

ZoraraUI.exe
Size

95KB
MD5

57114b780ad5cf03a23b897a7ee3ed50
SHA1

871313b421dddae01c68719546e8e423035bf189
SHA256

e3e46f0d836d7536b5f14324d34ffe38fc337a9c09fbf0429fdd9fe82d1e1ba4
SHA512

dc09eaa39349a2d4c90a904b85bdb8c7abebb83c6e1f00aeb0efcbca09e2444f97550fb0c8ea1600855b77278ccd4834f8cab11f151bf15b7f340a997a069bcc
SSDEEP

1536:l2WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+9PI9:lZv5PDwbjNrmAE+tI9

Score

10^/10

discordrat

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMwMjIxOTYyOTc4MzE1ODgwNQ.GxLQZ8.DRpyOqRKH2MlfrQEsy0l2IIHWvJ9hbwMpr2sCc
server_id
1302215304264290354

Signatures

Discordrat family
discordrat
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

ZoraraUI.exe

Files

ZoraraUI.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ