General

  • Target

    clandgpj.exe

  • Size

    359KB

  • Sample

    250104-1tmylayrct

  • MD5

    4271c70a9cc171b2159e2cf06404eae7

  • SHA1

    09e8fea1127994cc8269db868c5283c2f8c372ca

  • SHA256

    b19d42d7c56f6afc2957ef90d84c0d24e70262c01c56e71416eac4b6de9bb51d

  • SHA512

    60deb2318113ef34d1ed6b47ce3cc393b10372cc6a482bc08dd7080d7670a59d5c1c4c2390057e62e21824259416a3ebe2a90464790a71179fb1d28e82c2f489

  • SSDEEP

    6144:1E+yclwQKjdn+WPtYVJIoBfYXUSJSdDQnjrEKBjknH:1BdlwHRn+WlYV+5XEEjrFanH

Malware Config

Extracted

Family

discordrat

Attributes

  • discord_token

    MTMyNTE5ODU0ODEzMTc3NDQ3Ng.GGRvhn.0qO67JAYST6HRPMc7lzevXCuXAE2Hm6rkUlTQk

  • server_id

    1099685979608068217

Targets

    • Discord RAT

      A RAT written in C# using Discord as a C2.

    • Discordrat family

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks