Extracted

• • Target

    Client-built.exe

  • Size

    78KB

  • MD5

    49d6130bca1cf85adb53b34247070629

  • SHA1

    d025ff0a2eeeaf0d303424ceb4ea5e55a26ba7da

  • SHA256

    f573bc888434d747458210081a7a7632e86b945693a541f1548236bcefd6acc6

  • SHA512

    69ba140dcef810d9ac7a4292d09b99b3b4f2da926342a57d325e99d6afb40b65fa6940448728b04d361d4a6f732dc93e18379a7fb9b0329ffe660181bab8ccbb

  • SSDEEP

    1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+NPIC:5Zv5PDwbjNrmAE+dIC

  Score

  10^/10

  discordratpersistenceratrootkitspywarestealer

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat

  • Discordrat family

    discordrat

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Downloads MZ/PE file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Legitimate hosting services abused for malware hosting/C2

  • Suspicious use of SetThreadContext

  behavioral1