Extracted

• • Target

    SIGMA.exe

  • Size

    8.4MB

  • MD5

    30e6d63f20707c4b9b9a3025432e0046

  • SHA1

    7b3247927b9c6a48a153f0caaf383fc5f0720d3a

  • SHA256

    80214672f15b4f10ed899f566dc70ef28123cb4c1c4d9e2df08c404414571399

  • SHA512

    cf1fabf80f19eb9d36e9b8748929fe86f9388249d8db715ef46936e16372dfbbe65492392002c81d7f7e8d9ecdb7a3cfcb18d46dc197fc86111196373c9e15d2

  • SSDEEP

    196608:VTuYyXwfI9jUCzi4H1qSiXLGVi7DMgpZASEyQ0VMwICEc/jb:vIHziK1piXLGVE4UrS0VJX

  Score

  10^/10

  discordratcollectioncredential_accessdefense_evasiondiscoveryexecutionpersistenceprivilege_escalationratrootkitspywarestealerupx

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat

  • Discordrat family

    discordrat

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Drops file in Drivers directory

  • Clipboard Data

    Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    collection

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Obfuscated Files or Information: Command Obfuscation

    Adversaries may obfuscate content during command execution to impede detection.

    defense_evasion

  • Enumerates processes with tasklist

    discovery

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1