General

  • Target

    241211-p6934stkhw_pw_infected.zip

  • Size

    443KB

  • MD5

    b35abe87826e6fe9b71b4c7cb00650b4

  • SHA1

    d428f6eb0f5ea4214c0f1b484d044537fcd04e93

  • SHA256

    efe438a23e3a8ce419a852278068e2aa5e1c6b2b0783b5e39db9bb55dbea4800

  • SHA512

    a0816b94ba44af2c97bd062027aaf280f348ab7cc4a6e5423fbb04261af96303e64d08915f90264578c7f82d4066cfa69008d7f85826e325dd0dd5f4f0935911

  • SSDEEP

    12288:bvazRNFXiXnGsofHUAgJTbCJdu3plG6kXr3Im:bv61UnsfHUAg1CJdQpltkXr3Im

Score
10/10

Malware Config

Signatures

  • Discordrat family
  • Unsigned PE 3 IoCs

    Checks for missing Authenticode signature.

Files

  • 241211-p6934stkhw_pw_infected.zip
    .zip

    Password: infected

  • release.zip
    .zip

    Password: infected

  • Release/Discord rat.exe
    .exe windows:4 windows x64 arch:x64

    Password: infected


    Headers

    Sections

  • builder.exe
    .exe windows:4 windows x86 arch:x86

    Password: infected

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • dnlib.dll
    .dll windows:4 windows x86 arch:x86

    Password: infected

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections