discordrat | BeamWebhookDownload[.]rar | Triage

Sharing

General

Target

BeamWebhookDownload.rar
Size

26KB
MD5

885014cae48eea22bc4e10ad55eb7ff2
SHA1

66411c33bb0d12f7773b9dec00ddf0d012b4af61
SHA256

c1cdd25217e0107de1fc8c291e2331dbe21509273917969263e3f2d6317251bb
SHA512

bc2f8773e79e4c40616c6e75bb318ce90cd885135f0b56285eb07e1339ede147fa7cdf62d6548da9fbecef46d1704e4e91a6f1249c27350b5a182dc428384519
SSDEEP

768:SqgcA5CtmA2cd2FmhJGM0RAYckEe6Cqi3AOG:SNNcd2FWYtRY/Cqiwn

Score

10^/10

discordrat

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMyNTAxMTIyOTk2NTY4MDcxMg.GVbtJu.NiHaLGAe8ngV52ERblctO7HS_Ax5yYvARm0euQ
server_id
1324735552167346220

Signatures

Discordrat family
discordrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Swift/Bootstrap/Swift Executor/SWIFT/Swift Executor/Swift Bootstrapper.exe

Files

BeamWebhookDownload.rar
.rar
Swift/Bootstrap/Swift Executor/SWIFT/Swift Executor/Swift Bootstrapper.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ