Extracted

• • Target

    barrotes.exe

  • Size

    78KB

  • MD5

    1adab14cec5319868d619041f47cfd76

  • SHA1

    eea3c85e94ee8b7c4473fa51ff97731a7a590d80

  • SHA256

    c9b3fcf43ef4bdae5f28d4469e810fc02e953eb540c593c8ca4bebe54cf43c10

  • SHA512

    af7b95a1cb69d84a0a3b7ab26599c265b8f816ad6eb8d9cf135eff1daa76e77a5372393959a62f08a1002550459fede1662d2774d7ff41d1b5243c93b10623c6

  • SSDEEP

    1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+6PIC:5Zv5PDwbjNrmAE+mIC

  Score

  10^/10

  discordratdefense_evasionpersistenceratrootkitspywarestealer

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat

  • Discordrat family

    discordrat

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Indicator Removal: Clear Windows Event Logs

    Clear Windows Event Logs to hide the activity of an intrusion.

    defense_evasion

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Legitimate hosting services abused for malware hosting/C2

  • Suspicious use of SetThreadContext

  behavioral1