General
-
Target
Client-built.exe
-
Size
78KB
-
Sample
241120-rwlzmsydrj
-
MD5
5294e84c734fbf9f34110e233b094b98
-
SHA1
2a2dc9fa78e3c80f7c425dc2d70daad6e0e2f6c2
-
SHA256
4abd3eb46f7ea1d4f698e5e35f6ce12cffbc131c994f842733aa4a4a6fc1654a
-
SHA512
ac67c08d7e1eb2d0c8b5f8928541c423d249094bbb72bf920a365f2afe9e3a034923c14cc9a667a899dcc4691b79c45b7eb352acd7f2e08a75bcbabe4cef2bcd
-
SSDEEP
1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+pPIC:5Zv5PDwbjNrmAE+ZIC
Behavioral task
behavioral1
Sample
Client-built.exe
Resource
win11-20241007-en
Malware Config
Extracted
discordrat
-
discord_token
MTMwODc5Nzk2NTYxNTQ5NzM1Nw.GBpC5A.89Z5f6lFNt0ykOCJ3xjQcB6vyTHT36DHCa_Du0
-
server_id
1308798365948969031
Targets
-
-
Target
Client-built.exe
-
Size
78KB
-
MD5
5294e84c734fbf9f34110e233b094b98
-
SHA1
2a2dc9fa78e3c80f7c425dc2d70daad6e0e2f6c2
-
SHA256
4abd3eb46f7ea1d4f698e5e35f6ce12cffbc131c994f842733aa4a4a6fc1654a
-
SHA512
ac67c08d7e1eb2d0c8b5f8928541c423d249094bbb72bf920a365f2afe9e3a034923c14cc9a667a899dcc4691b79c45b7eb352acd7f2e08a75bcbabe4cef2bcd
-
SSDEEP
1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+pPIC:5Zv5PDwbjNrmAE+ZIC
-
Discordrat family
-
Modifies Windows Firewall
-
Legitimate hosting services abused for malware hosting/C2
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1