General

  • Target

    Przerobion‮gpj.exe

  • Size

    1.1MB

  • Sample

    250124-wwzyqaspem

  • MD5

    7a84b37a925f07424890eaee64ce687d

  • SHA1

    f7754e3ebf1028cc27d09604f962aa305bf70343

  • SHA256

    2b5569bf051963fa4b5d7fc9eb950262508848f9c69bcc022daae7aa3cc7411a

  • SHA512

    c85f4825fcbf07cc406fc8f08e569bd3b87174ba89f8611fbd2b6a7c9ff6c41a15b087bbf4e20e65b2c1284e69f80f465008cb3f7f97b8e1dca027a3553c5b96

  • SSDEEP

    24576:puDXTIGaPhEYzUzA07IQ/bmSh8Pomwojnq72GQsToiwok6J:MDjlabwz97r/bPh3mwCq7fwoj

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTMzMjQwNjg4NDQzMDUxNjI3Ng.G6ceip.TitIAwiollv8nEDv31RZOJbE-06R7oxUp2atZg

  • server_id

    1332407935053205618

Targets

    • Discord RAT

      A RAT written in C# using Discord as a C2.

    • Discordrat family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2
