Resubmissions
24-11-2024 19:59
241124-yqgajasnhj 1024-11-2024 19:58
241124-yp65kasngj 124-11-2024 19:56
241124-ynxjqswphx 10Analysis
-
max time kernel
4s -
max time network
10s -
platform
windows10-ltsc 2021_x64 -
resource
win10ltsc2021-20241023-en -
resource tags
-
submitted
24-11-2024 19:58
General
-
Target
https://github.com/moom825/Discord-RAT-2.0
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 8 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 21 IoCs
-
Suspicious use of SendNotifyMessage 20 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://github.com/moom825/Discord-RAT-2.0"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://github.com/moom825/Discord-RAT-2.02⤵
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1996 -parentBuildID 20240401114208 -prefsHandle 1936 -prefMapHandle 1916 -prefsLen 23681 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {631cc153-b1c4-4b7f-a585-5081975c7a0f} 3692 "\\.\pipe\gecko-crash-server-pipe.3692" gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2464 -parentBuildID 20240401114208 -prefsHandle 2456 -prefMapHandle 2452 -prefsLen 24601 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bf9f9a80-c3fa-4a53-a74f-f898340c3187} 3692 "\\.\pipe\gecko-crash-server-pipe.3692" socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2868 -childID 1 -isForBrowser -prefsHandle 2884 -prefMapHandle 3064 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8685b23d-ac53-42c0-b2f1-9714a9e6b284} 3692 "\\.\pipe\gecko-crash-server-pipe.3692" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3952 -childID 2 -isForBrowser -prefsHandle 3944 -prefMapHandle 1156 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bbd455ef-91dc-494b-b8f6-a5bc79729acd} 3692 "\\.\pipe\gecko-crash-server-pipe.3692" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4456 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4504 -prefMapHandle 4500 -prefsLen 29091 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d42a5dca-16c7-44e6-ae45-1d52cab8f123} 3692 "\\.\pipe\gecko-crash-server-pipe.3692" utility3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5308 -childID 3 -isForBrowser -prefsHandle 5364 -prefMapHandle 5360 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a02b8ad-d920-4da7-8328-463952452057} 3692 "\\.\pipe\gecko-crash-server-pipe.3692" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5708 -childID 4 -isForBrowser -prefsHandle 5592 -prefMapHandle 5616 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ebd438d1-f803-4147-86b3-146757ee3782} 3692 "\\.\pipe\gecko-crash-server-pipe.3692" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6064 -childID 5 -isForBrowser -prefsHandle 5704 -prefMapHandle 5308 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {44223dda-0dba-4091-8c89-9a34bd682a24} 3692 "\\.\pipe\gecko-crash-server-pipe.3692" tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
15KB
MD591d12560a30a41c6f8a8084c460e89da
SHA126b68450218a0e06bb02ab68d50cfa3af1da2283
SHA2564ba387d969ec5ce8fd33348ff4ee53539171acf794ad1466e05b962b3abed146
SHA5124a610dbaf848239760968278538fc65c3b02ae0a0fda88185cb532b9d1a3f045a8bb769d0e395972e561339b7b25014b7baa2e6bc692d72452405cba2abff396
-
Filesize
6KB
MD531e4b796f6ad83b8b21f0bec1e832d2f
SHA156ae3d8ed51f6ef963c4547ddfb0af4b7d05dfbc
SHA25622994bacebca03422228ff7128545a0e38a5b38acb59e70eb8e4cc568abdc93d
SHA512587ed55544f92b9a7db564c110a750f84b3fb0f7210e07128610c402910581b28f116e99465c75b654c12f81cdd96cbb1386135f0f6d21416e81242e263c8084
-
Filesize
6KB
MD528c36561c3cd958354299e25a35db390
SHA1c17fecbad3c994f0aa132d934395477dc98f1a8c
SHA256593ac8cdf8050a6d0947916bdd0bf8a857f580b09f630a501b262fdfeca645b1
SHA5120867288eb374447f0b4bafd7ceab77d922ff4da74541e8ac8a41f35ef440dde6f45d4361407d7ee27d321ce351fe6cb7e82251edda73e5b3118dc6e8edf10018
-
Filesize
5KB
MD50fd8fbff30a6f42a4f83c87783ef082b
SHA18f69d93fa4929da0e3fab47a89c3652e1ed6f316
SHA2564c068616f903708985f82b663f0aa10a60c7f5221816c98774545f546ff89100
SHA512c79cf5820a19b4eb759ede04340a5d0d11d63d626199fabc1e46de9732b171aeaaec18bc18a9070131025509249df00a4a18a33abbd3c69def32c56667235fdf
-
Filesize
5KB
MD5137d4103877982e029fab2106e451830
SHA18064d13f15945644b33a822b8bdc9d0ac616e111
SHA2560e5301871b62965bcbf214b187f99643fe601b4d6e8f20bbd22f3702b22690bd
SHA51200fbae24e8573d3f3e968edefa70a00e206728b0bb0fa153a4f29525f50ac2849437f1d1ae4d73dfea5536ef8d90a82ba8d54d1c27b67afef19b629e2242c8c0
-
Filesize
671B
MD552f9bd687d079b29d76afd26e6e6be96
SHA17cada3577b611ef01a24b458fdb9e232e57e837b
SHA256e0bede01832a76fa79c9305b20a8b4e08fb5a92db6e9190a1e4dbc3a4ff970ac
SHA512e6ad9f89849684e502ed3572d74b40ab844fbd2cf8244e37e3d94b50495e8c55fd3eb1186647df5f3cd6d44d2c8c2c934cd7442eb0f424d1d290179551e76d5d
-
Filesize
25KB
MD5f393022e50072764a2581812e42e4749
SHA1cdd0fdfa395f132ce9f5c7a93b8e322a6a49f418
SHA256a9ba2111a9d2557bda988fc03fce9d0d227cf43ca3721de458dfb559856c6b93
SHA512944779bbcb650689c937af4a3b241187c69e6608b4c661b49f7eb9a06e3304e58e3c92e643318c7f13b3c427b9fbd4b951c7c69335b73a78a96833a3f50f6926
-
Filesize
982B
MD5b271b1f36cb517681ac783d6434e6dfb
SHA10400d5e2b39b0fec20fcdc1350212f61d0a65e80
SHA256aff6a3f43839c65855c3561264e5787f8b3e9388c0eebbb0ba2572d6460321bc
SHA5122ba7e47e979f17f43441a82bedd5b3b83ef6e259e9b8c3726a77714950f5419d4d4524ff869adb8c9b2d017b13799d0c80a64ce25f6b39c1db0dc8d22ac49a4e
-
Filesize
10KB
MD522bd41feeec684f6e7f6433b55a20dcf
SHA1cf3404eac70d66ac477c2197f520f4175826c6e6
SHA256b919b61165f1dc03b86835a5d20dcd3203c517c98a1b4e90def092a1de0d3b1d
SHA5128d792a074dd3e116e852a1957903e438843fb7c7dc3af0ff89c852f619df8a4f8107eb71c4b9771edf35382a4ce45417bc8015999005f444292d0f6daf8cf6a3
-
Filesize
11KB
MD5ba7fa98fb028a5eb3e02a8378981d23c
SHA1a44e8f7d545831491d5fe65c3e655c0f057422ba
SHA25652450b7c42cba6b19921cf31ba6aaf0383598cac5e01916d59e7c11633ef5160
SHA512656d7c01b80343ae2d197ebe818932c3d18b9525d6e3dba25eaf34b47377a151ea546948bd98afc39419f82eeb43bcd488986f360de270065db295991f66ff92