Extracted

• • Target

    Lorito.exe

  • Size

    506KB

  • MD5

    5145238a5fe1dedf3a95a6727f46d87d

  • SHA1

    f89ff2e64a37fbacb8bcde27b1433f74ecb62a05

  • SHA256

    feeaaf0a4f055a7f5c5cc3ec02689d23155bbefa8d473f6f29bbc453753350da

  • SHA512

    ca5c1f2d9484f5df193b6de47ca1157949d0700175e25016d2c602ef7cd68381141383c3abec280d015f44409efca3425ec3fd39cf8f2ea7f1135439d71fb6f3

  • SSDEEP

    6144:Cqj9Vbvt0CVAtM9ST08l4oqHU4KpF0gQoIsRHZ/QTGoDMyD5cDfXowzr+pldTuse:Nn0LIyy/LMIsHZo6gM2WX4pvTuJOOJ

  Score

  10^/10

  discordratpersistenceratrootkitstealer

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat

  • Discordrat family

    discordrat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  behavioral1behavioral2