Analysis
-
max time kernel
145s -
max time network
146s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
16-12-2024 23:42
General
-
Target
Makala Executor/Makala Bootstrapper.exe
-
Size
78KB
-
MD5
6a7ea29ef2fb6c36471d0e055b81f084
-
SHA1
168ba0b3c3f51d89b4b3e5be7c91a813a51387c2
-
SHA256
cd562416060b65c4e342e62169e7d6136f7043e5252943b1a7033d9160ee383a
-
SHA512
f9ad092b14d16c13ddc1e791147efc2edfbe875865ee523bbb190ee851725ae3c909eabd15f9ad193d5cbedefa46802a886713cc471f0c2308e51fae61e9256e
-
SSDEEP
1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+kPIC:5Zv5PDwbjNrmAE+4IC
Malware Config
Extracted
discordrat
-
discord_token
MTMxODM1MTU3NDYzNjAzNjEyNg.GOjBDm.fj5GQTX1yf12bG6cA-jFqOCZzVLbT2a7KZ8L7Y
-
server_id
1031700632450641981
Signatures
-
Discord RAT
A RAT written in C# using Discord as a C2.
-
Discordrat family
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Makala Executor\Makala Bootstrapper.exe"C:\Users\Admin\AppData\Local\Temp\Makala Executor\Makala Bootstrapper.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.roblox.com/home2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8d5d246f8,0x7ff8d5d24708,0x7ff8d5d247183⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,996033026967050961,4450537236982070464,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:23⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,996033026967050961,4450537236982070464,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,996033026967050961,4450537236982070464,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,996033026967050961,4450537236982070464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,996033026967050961,4450537236982070464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,996033026967050961,4450537236982070464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,996033026967050961,4450537236982070464,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,996033026967050961,4450537236982070464,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,996033026967050961,4450537236982070464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,996033026967050961,4450537236982070464,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,996033026967050961,4450537236982070464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,996033026967050961,4450537236982070464,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:13⤵
-
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5d22073dea53e79d9b824f27ac5e9813e
SHA16d8a7281241248431a1571e6ddc55798b01fa961
SHA25686713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6
SHA51297152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413
-
Filesize
152B
MD5bffcefacce25cd03f3d5c9446ddb903d
SHA18923f84aa86db316d2f5c122fe3874bbe26f3bab
SHA25623e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405
SHA512761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7
-
Filesize
1KB
MD542d3b0e40fddf140e1346f1d74abc1de
SHA1894cedd1ec0afaedef909ae775cfff647536134f
SHA2561f658c29274b2ccc1baa54ac4fcfc4b11d9f2a15a83ff8ebf26f52c82e185a68
SHA51219cc9f4d41b4aed691c94c7a9734abd1d707e5000ee06dfa7a455e523daee28acf2175ced3f59a9f5ca15275c13e1d18db32920c5857eb8a105850646e1b4026
-
Filesize
689B
MD59adf5ef4ac285ec14c29b44c43356e78
SHA182fa71a32bfd8c954eb803c4607ffd255f07391f
SHA25688610f3dcebdd7af6bfff50a9204df05d9c848fd1671ca66a271dc8506154a2b
SHA512827b3b8ee25509f9ff5ffc27c7d02d1574db72abe361735a4cc914cee63c22e873ff57a7ffff7bb4cac222a42bdf0394e4826877673bac39830bc2a40f79d1fe
-
Filesize
6KB
MD53e717fdf79c11a060331882f6429a254
SHA1089d252887bc38fc6a4bcf329021ef26666b69e5
SHA256fcb9e1efd0b438253d01e21abde3b035d0c1d7a513a473e770bbb7a326b3db54
SHA51276f2ad6b13e883aea48d2a59530c5c89fe7f5840ee3afa6deca5d27eeb19cecad3a99ad53a5ce0469bed4f6c036a39c55a465c14f6ff00594b2650dbdbd4919c
-
Filesize
5KB
MD501f8b5fb51805e82fd18ba27b36a862c
SHA11dcaa4090dab9faf8a375a963f2f331f925f85fa
SHA256c105deed8e026a59bb9b3da45b384eb7970f9b567d8e7c7e70ee6ed2c0634e6e
SHA5126c442782f65f9534a9160c4b4251a8c8ebdc1d71402f86403014700d9ff7e42577a873c604c9b20970d7e7f9157d1993bafe7dd8603f047f05b498864f6f3632
-
Filesize
1KB
MD575063a9b577f83c3584fd1176f0b2cea
SHA11389fbda658e8351fe50176a10e84d9fbe47b56c
SHA256fab4d1a43aeeaee86ec9df05623386f921c07f9260e946504a2f29bb4e579bd5
SHA51281826d88ee6ef72e3443d46fa3e64587342775e78ed269b9255e3f4ef3012510c3bfb141226703d8751acd429ea74e5172d05b8c2e90b35f3e0ed5483d01d882
-
Filesize
1KB
MD5d7a97e86d7601d824a642ca5e4cb3897
SHA1edd3b72ddc0583eb4c7159077d00a19253d0ed43
SHA256465a2cb8987e251c12682028d35877de432a7b7a2d3a0e40588f4a70e8068297
SHA51295b393e5c316643dbde25da28e6e9e760a4cdce19eec7807eed984edd6093f2a5c2b257da4c38b5f1b0ee45101613d3d8452292152ea75f88c6b3b66c5180393
-
Filesize
1KB
MD53fdc3536098ce127f18b8f5c81937f75
SHA1db9c22218e1910e34448742353fd8a9ae8f3c60f
SHA25678723a47a33066ea97ebdb8c79c32608ed63ec1faffcd9c5ed70224c383c466e
SHA512d90cf35ab04f9103b21711c0423b1a85791d5319aee27f09a39f46f3efb37af840330feb99934813a1dd43cef37079e64342cf874f71f96e2a9260c6b0a19458
-
Filesize
1KB
MD5d084d1f3c629bcd7bd5e343e8462548a
SHA11e36eddb4ade49b1fecddfab6c9ea2c90cb38829
SHA256a2bcb9f6d360bba659680cf8c79bbcc79d8964accf6d38373ad8055e8695bc97
SHA512c67f32143842c50655f8338955cce3c33d5449302bb80cf34c1b6e5f6557d09c240624a931b9b72e6706bd598a0aeb77f35e02b384a2531370002537b387ea73
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD57a04c1ddaf0979459d9141868e9153e3
SHA127c7ac7b87e490ac0bbff6f35a555d17c9deb153
SHA2567bcb04592174a877976eb319999b6083f6c7381f64eec857de6d857011bf99c0
SHA512bd1642d3c824c1e9600b4a7d135c7e7272114cdfd8de8d721a8dd2053a0c06217f2f9133e5039d4576731f0454251381c2d90061131b15a20105a09a4e249b4a
-
Filesize
10.8MB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
5.2MB
-
Filesize
10.8MB
-
Filesize
1.8MB
-
Filesize
96KB