Overview

overview

10

Static

static

10

Pharaoh executor.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Pharaoh executor.exe

  • Size

    78KB

  • Sample

    250117-zkncbstjfk

  • MD5

    ac602ff31d1129be588688ba9fb817c3

  • SHA1

    7906b235c6ad4c72122198ec7b9be23dd42833a4

  • SHA256

    c23bb4c0e5fa855bb65abd2d78866ab05889bcb2f7d57e059ca071091e699740

  • SHA512

    e69ff869cbd51c67fa32d199ec671882648f16a641f8841631adf5b9ae4c496852aefae1387be5b12a616d52bf89d927a8a094187850b15f7278bbf0e5072168

  • SSDEEP

    1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+9PIC:5Zv5PDwbjNrmAE+tIC

Score
10/10
discordratdiscoverypersistenceratrootkitspywarestealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTMyNzQzMDAzNTM3NTY1Mjk0NA.Gona0D.U4USiJVqaeVQ1lTluE2D4rzs8gMjLpI7-b1Qws

  • server_id

    1327344984113811487

Targets

    • Target

      Pharaoh executor.exe

    • Size

      78KB

    • MD5

      ac602ff31d1129be588688ba9fb817c3

    • SHA1

      7906b235c6ad4c72122198ec7b9be23dd42833a4

    • SHA256

      c23bb4c0e5fa855bb65abd2d78866ab05889bcb2f7d57e059ca071091e699740

    • SHA512

      e69ff869cbd51c67fa32d199ec671882648f16a641f8841631adf5b9ae4c496852aefae1387be5b12a616d52bf89d927a8a094187850b15f7278bbf0e5072168

    • SSDEEP

      1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+9PIC:5Zv5PDwbjNrmAE+tIC

    Score
    10/10
    discordratdiscoverypersistenceratrootkitspywarestealer

    • Discord RAT

      A RAT written in C# using Discord as a C2.

      stealerrootkitratpersistencediscordrat

    • Discordrat family

      discordrat

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks