Extracted

• • Target

    Nymalith Executor.exe

  • Size

    78KB

  • MD5

    58506364e0907e7bba6991f5f380882d

  • SHA1

    4d06330d5d2ca81caf5d9e43d8e4fdc42d3ff917

  • SHA256

    b20ba750498b5ef700d1f8ab09a845ac13a5c5d087cccca229159e9e2fb2a2a9

  • SHA512

    1316e8d9cd4faaf189cece7a3928004a48c883b2496faafa414de87396abe9943b08c555c9a45cdf0b0603be900cbe10571cff8704edca06442c7fce756d657b

  • SSDEEP

    1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+1PIC:5Zv5PDwbjNrmAE+lIC

  Score

  10^/10

  discordratpersistenceratrootkitstealerspyware

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat

  • Discordrat family

    discordrat

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Legitimate hosting services abused for malware hosting/C2

  behavioral1behavioral2