General

  • Target

    a7b0473b7206d519eb42eb0d4aa842041b4110fc5c90f999546b0cb91ebef8c8

  • Size

    545KB

  • Sample

    250120-wdak4s1ndl

  • MD5

    4048ba7b33561ad82e221babd0dde0c1

  • SHA1

    91a451f9082a99befae9e01410331e0607a2759f

  • SHA256

    a7b0473b7206d519eb42eb0d4aa842041b4110fc5c90f999546b0cb91ebef8c8

  • SHA512

    029ec093da60658f5fbfe3026f3265e73c6d38cc2b7509d89a7f1d138aa042e6ecf308ad36fe84f8c75563da08537db58ab0e19a6306960309772de5c287e7c7

  • SSDEEP

    12288:syveQB/fTHIGaPkKEYzURNAwbAg831KIiVkmeT5D3SaE:suDXTIGaPhEYzUzA0qFKJMD3SaE

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTMzMDYzMDE4NTEzMjg4NDAzOQ.GKdnEl.mme8TYp-zKiBazpkuwncKPoIlsQtVXLw9Vu4WY

  • server_id

    1330630815956340776

Targets

    • Discord RAT

      A RAT written in C# using Discord as a C2.

    • Discordrat family

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Legitimate hosting services abused for malware hosting/C2