discordrat | IncogftExecutor[.]zip | Triage

Sharing

General

Target

IncogftExecutor.zip
Size

28KB
MD5

151650c12267437fa4352d2e45606c0c
SHA1

9f9fcc4f97545aa37888eae7e26d38a6737bdbde
SHA256

a6a06c0dfde199f8edd355877fd3cd4881ee4d3a5dc0877a01ce1fd1524a87d4
SHA512

dd2d479365ad46348452b9c3889f1e5f7c88244ee9673fc74d9ea029d76c481bf76f8c30a74033ba2ef74aa47ddeb36c6c9fe0b072768f53aec919342d0e138e
SSDEEP

768:sgZMqAosIQkA9NEoCjmrllgX/UGplMnbIpCrX3Zp:H95YCjokX/ZpOEYrHZp

Score

10^/10

discordrat

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMxNDYxNDI2NjUzNTQ3NzI2OQ.GvE3OW.ygCVYZPAbul7wZgdx2a4I0nc_JUxKYOVJNdv1c
server_id
1314608412302250004

Signatures

Discordrat family
discordrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Incogft Executor/Incogt/incogt.exe

Files

IncogftExecutor.zip
.zip
Incogft Executor/Incogt/README.txt
Incogft Executor/Incogt/incogt.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Incogft Executor/Incogt/start.bat
.bat .vbs