Extracted

• • Target

    Client-built.exe

  • Size

    78KB

  • MD5

    41c8101b8f008edc7ae2ece242e80a80

  • SHA1

    07800dc227a82785211fdf5ab38a96bf5dca4bc0

  • SHA256

    15a7d3d3911009e4463b669177344eba876578bc78c0f61f27d1c83b63a1a84c

  • SHA512

    f024178ea1a2a441da8833919305008b091fccfd5539ec488308d2355f0f3c6c5e27644398c292da4b1f436ce8aa24af1ff932cb2df3bccb2fc7fc3cdb1729c0

  • SSDEEP

    1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+0PIC:5Zv5PDwbjNrmAE+oIC

  Score

  10^/10

  discordratdefense_evasiondiscoverypersistenceransomwareratrootkitspywarestealer

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat

  • Discordrat family

    discordrat

  • Downloads MZ/PE file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Indicator Removal: File Deletion

    Adversaries may delete files left behind by the actions of their intrusion activity.

    defense_evasion

  • Legitimate hosting services abused for malware hosting/C2

  • Sets desktop wallpaper using registry

    ransomware
  behavioral1