General

  • Target

    MFjGBrO.exe

  • Size

    475KB

  • Sample

    241215-l1zteasnbn

  • MD5

    cbe2f2a631cafa3abf6169b419e84dc5

  • SHA1

    20ac6d8060f99f16a92db8aa55ddfb7b2f2997c4

  • SHA256

    f23839bc1f59d1cd4c542169e22882ac68063a169ae6f3e25e82b91c5e300b58

  • SHA512

    0f879a83e08f43576786fc5e561c73e1eeec0799574e5ba3018b88b96b1abbd177385f7b0b3db3d97fdf1328ec2b0813223ab725915eb57774362f868a076d1f

  • SSDEEP

    12288:byveQB/fTHIGaPkKEYzURNAwbAg8FvKIfKJzHj:buDXTIGaPhEYzUzA0qJKIfizHj

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTMxMDkxODg1Mjk4ODc2NDE4MA.GzBXeG.IQdsANXf5vF4yFt_OatJlXeGmRVH0AzHFLzfHw

  • server_id

    1310919517383294990

Targets

    • Target

      MFjGBrO.exe

    • Discord RAT

      A RAT written in C# using Discord as a C2.

    • Discordrat family

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Legitimate hosting services abused for malware hosting/C2
