Extracted

• • Target

    SIGMA.exe

  • Size

    8.4MB

  • MD5

    30e6d63f20707c4b9b9a3025432e0046

  • SHA1

    7b3247927b9c6a48a153f0caaf383fc5f0720d3a

  • SHA256

    80214672f15b4f10ed899f566dc70ef28123cb4c1c4d9e2df08c404414571399

  • SHA512

    cf1fabf80f19eb9d36e9b8748929fe86f9388249d8db715ef46936e16372dfbbe65492392002c81d7f7e8d9ecdb7a3cfcb18d46dc197fc86111196373c9e15d2

  • SSDEEP

    196608:VTuYyXwfI9jUCzi4H1qSiXLGVi7DMgpZASEyQ0VMwICEc/jb:vIHziK1piXLGVE4UrS0VJX

  Score

  10^/10

  discordratcollectiondefense_evasiondiscoveryevasionexecutionpersistenceratrootkitstealerupx

  • Deletes Windows Defender Definitions

    Uses mpcmdrun utility to delete all AV definitions.

    evasion

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat

  • Discordrat family

    discordrat

  • Command and Scripting Interpreter: PowerShell

    Using powershell.exe command.

    execution

  • Clipboard Data

    Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    collection

  • Executes dropped EXE

  • Loads dropped DLL

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Obfuscated Files or Information: Command Obfuscation

    Adversaries may obfuscate content during command execution to impede detection.

    defense_evasion

  • Enumerates processes with tasklist

    discovery

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1