General

  • Target

    PoabGrabber.exe

  • Size

    6.1MB

  • Sample

    241229-h71shawnaw

  • MD5

    735103629b36f00e5e0f2d366eaae44f

  • SHA1

    0c71ea959fcf6f3549ad3d7b9392157f54939bdc

  • SHA256

    7c0ea7aaa73815e7a3e7a459b567024bb418afab7a9e2b638a667e2ae331e282

  • SHA512

    f499e720129abfec0c0c5bec2cdfd0d2aac04e2e2225e1992c330332aaf317b1695903875a184d31e4a45e28d5711b2fa3b5771e7541e9a6ada3728dbfed8192

  • SSDEEP

    196608:W0umWQLVOjmFwDRxtYSHdK34kdai7bN3m2kSvW863:SwwK2pM9B3QtWi3

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTMyMjU3MTk2NDc1MzM4MzQzNA.Gv_tyW.c2mPpnZyoEbjQAuLnYJeYs1MlEgjP2g9Mw53Ro

  • server_id

    1322573461851471983
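
The extracted config gives a Discord bot token and a guild (server) ID. Both carry structure a responder can use without ever presenting the token to Discord: the first dot-separated segment of a bot token is the base64url encoding of the bot's numeric user ID, and Discord IDs (snowflakes) embed a creation timestamp in their top 42 bits, in milliseconds since 2015-01-01 UTC. The script below is an added example for this report, not code from the sandbox or from the DiscordRAT family; the token-shape regex, the function names and the use of the report's own token and server_id as input are the example's assumptions.

```python
"""Decode the identifiers in an extracted DiscordRAT config.

Added example (not part of the sandbox report). A bot token looks like
base64url(user id) . base64url(timestamp) . hmac; only the first segment
is decoded here, because the timestamp scheme varies between token
generations and the HMAC is opaque. Snowflake timestamps are standard.
"""
import base64
import re
from datetime import datetime, timezone

DISCORD_EPOCH_MS = 1_420_070_400_000  # 2015-01-01T00:00:00Z, Discord's snowflake epoch

# Heuristic shape of a bot token (assumption: segment lengths seen in practice).
TOKEN_RE = re.compile(r"^([\w-]{23,28})\.([\w-]{6,7})\.([\w-]{27,})$")


def snowflake_to_datetime(snowflake: int) -> datetime:
    """Creation time embedded in a Discord snowflake (top 42 bits, milliseconds)."""
    ms = (snowflake >> 22) + DISCORD_EPOCH_MS
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc)


def _b64url_decode(segment: str) -> bytes:
    # Token segments drop base64 padding; restore it before decoding.
    padded = segment + "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(padded)


def bot_id_from_token(token: str) -> int:
    """Recover the bot's user ID from the first token segment.

    Raises ValueError if the string does not have a bot-token shape or the
    first segment does not decode to a numeric ID.
    """
    m = TOKEN_RE.match(token)
    if not m:
        raise ValueError("not a Discord bot token")
    decoded = _b64url_decode(m.group(1)).decode("ascii", errors="replace")
    if not decoded.isdigit():
        raise ValueError("first segment is not a numeric user id")
    return int(decoded)


def summarize_config(token: str, server_id: int) -> dict:
    """Bot ID plus creation times of the bot account and the C2 guild."""
    bot_id = bot_id_from_token(token)
    return {
        "bot_id": bot_id,
        "bot_created": snowflake_to_datetime(bot_id),
        "server_created": snowflake_to_datetime(server_id),
    }


# Values as extracted in the report above.
EXTRACTED_TOKEN = "MTMyMjU3MTk2NDc1MzM4MzQzNA.Gv_tyW.c2mPpnZyoEbjQAuLnYJeYs1MlEgjP2g9Mw53Ro"
EXTRACTED_SERVER_ID = 1322573461851471983

if __name__ == "__main__":
    for key, value in summarize_config(EXTRACTED_TOKEN, EXTRACTED_SERVER_ID).items():
        print(f"{key}: {value}")
```

For this sample the bot ID decodes to 1322571964753383434, created on 2024-12-28 UTC, a few minutes before the guild; that lines up with the submission date in the sample ID (241229) and is the kind of cross-check that tells you the C2 was set up for this build rather than reused. The bot ID is the durable indicator here: the token can be rotated, the snowflake cannot.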

Targets

    • Target

      PoabGrabber.exe

    • Discord RAT

      A RAT written in C# that uses a Discord bot and guild as its C2 channel.

    • Discordrat family

    • Command and Scripting Interpreter: PowerShell

      Executes commands through powershell.exe.

    • Drops file in Drivers directory

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser profile data, which can include saved credentials, cookies and autofill data.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

    • Enumerates processes with tasklist

    • UPX packed file

      The executable is packed with UPX or a modified build of the open-source UPX packer.

    • Target

      L�>^��.pyc (a Python bytecode file extracted from the sample; the filename did not survive extraction and is shown as recovered)

    • Size

      857B

    • MD5

      9670e453426cf2c9f740a34b0c5ce9ae

    • SHA1

      ee54de4b242bf20624ff357219900a355ceb53e1

    • SHA256

      3f6372a81a6216ebdf9f03160f6cfebd447ae35462d42d0e9633eaeb1c23ed70

    • SHA512

      47bc764ab524ba846a71b4802bd39fdd8521f1ef4664c8c52956b8b1bb03ca796968c5ffc17f4e7709fb1349288724220d5c43fb1a9fecaa7a894ba1732b0b89

    Score
    1/10

MITRE ATT&CK Enterprise v15
