Overview

overview

10

Static

static

10

Free robux.exe

windows7-x64

10

Free robux.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Free robux.exe

  • Size

    78KB

  • Sample

    250131-qeg4pawnhs

  • MD5

    224ffc7642433a54523e38d9bd28a7b4

  • SHA1

    45ce3d4b4161a916b6c3c1126fe19bf1a0ce9490

  • SHA256

    e81c03f063eb81973ecbc690961658b9d613e1648c3612fbc1ffdd41fbf1f7b3

  • SHA512

    1960f6a2bb79f258c0e78d056caf7a384eff84bd50439eff68a85cdedab416d2623607cc98351d457b5f2cb1e89096ca99a06b8210ec749dc44f050427ae1eb3

  • SSDEEP

    1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+dPIC:5Zv5PDwbjNrmAE+NIC

Score
10/10
discordratdiscoverypersistenceratrootkitspywarestealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTMzNDc5OTg4Mjg4Nzg4ODk1OQ.GYogWp.NMtpgtuN4Hf6PsEomIL-OoyUKqRkEVtf5alRts

  • server_id

    1334800372321222707

Targets

    • Target

      Free robux.exe

    • Size

      78KB

    • MD5

      224ffc7642433a54523e38d9bd28a7b4

    • SHA1

      45ce3d4b4161a916b6c3c1126fe19bf1a0ce9490

    • SHA256

      e81c03f063eb81973ecbc690961658b9d613e1648c3612fbc1ffdd41fbf1f7b3

    • SHA512

      1960f6a2bb79f258c0e78d056caf7a384eff84bd50439eff68a85cdedab416d2623607cc98351d457b5f2cb1e89096ca99a06b8210ec749dc44f050427ae1eb3

    • SSDEEP

      1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+dPIC:5Zv5PDwbjNrmAE+NIC

    Score
    10/10
    discordratdiscoverypersistenceratrootkitstealerspyware

    • Discord RAT

      A RAT written in C# using Discord as a C2.

      stealerrootkitratpersistencediscordrat

    • Discordrat family

      discordrat

    • Downloads MZ/PE file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks