Overview

overview

10

Static

static

3

mtree‮gpj.exe

windows7-x64

10

mtree‮gpj.exe

windows10-2004-x64

10

Resubmissions

26-01-2025 09:00

250126-kytzpsynbm 10

26-01-2025 08:54

250126-kvck9aymej 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    mtree‮gpj.exe

  • Size

    1.3MB

  • Sample

    250126-kytzpsynbm

  • MD5

    b8b0baac29daa1eff8ecb046fe91f104

  • SHA1

    c6ece29c90cb57bca393139e44d70b029bc1f677

  • SHA256

    27a1137b8d934f10c2166261ddf2b424e4803102809c446d36767d581b533a96

  • SHA512

    5501afad683faeb9e174487caf6f5280aab51050b366334c56539ef7977248c7bb05c8b48c9f5e6198ac728703921dbb29f9bf17e37162410a64caf1e662b3c0

  • SSDEEP

    24576:ZuDXTIGaPhEYzUzA0qBc+ZKhmVbC9eabpmkmZ3IaezdKcMYwFL+bGljFIh0aTOS7:8Djlabwz9AjABbpmHmapcMYJo0TOI

Score
10/10
discordratpersistenceratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTMzMjk5NDEwMjkwMzU3MDU0Mw.GjHo9c.uUUeJljLrRcuIvW_FlFF0o4Eh6h5i-SEDWYry8

  • server_id

    1332539766268231760

Targets

    • Target

      mtree‮gpj.exe

    • Size

      1.3MB

    • MD5

      b8b0baac29daa1eff8ecb046fe91f104

    • SHA1

      c6ece29c90cb57bca393139e44d70b029bc1f677

    • SHA256

      27a1137b8d934f10c2166261ddf2b424e4803102809c446d36767d581b533a96

    • SHA512

      5501afad683faeb9e174487caf6f5280aab51050b366334c56539ef7977248c7bb05c8b48c9f5e6198ac728703921dbb29f9bf17e37162410a64caf1e662b3c0

    • SSDEEP

      24576:ZuDXTIGaPhEYzUzA0qBc+ZKhmVbC9eabpmkmZ3IaezdKcMYwFL+bGljFIh0aTOS7:8Djlabwz9AjABbpmHmapcMYJo0TOI

    Score
    10/10
    discordratpersistenceratrootkitstealer

    • Discord RAT

      A RAT written in C# using Discord as a C2.

      stealerrootkitratpersistencediscordrat

    • Discordrat family

      discordrat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks