Overview

overview

10

Static

static

3

Monke Mod ...um.exe

windows7-x64

10

Monke Mod ...um.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Monke Mod Manager premium.exe

  • Size

    624KB

  • Sample

    250209-gey8jaxkdx

  • MD5

    0e886c0acf85866b1246118efb9606b1

  • SHA1

    2a22eeee5cbf665e132f40ab00a8f55d8581cb2b

  • SHA256

    d93a0adaa8927c9e889012a495076668512f7f011264c52fb3bd9b9c6094ae35

  • SHA512

    2e44d466cc6eec9225d6bccfb7b22aaa1564e8c7830e779bab97cf5e69ddc9a647271869caef84017a27d821e9b09b895547e132755f70873f019b0667bc465d

  • SSDEEP

    12288:gyveQB/fTHIGaPkKEYzURNAwbAg8n9ztBM33wEp:guDXTIGaPhEYzUzA0q9ZBMnws

Score
10/10
discordratdiscoverypersistenceratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTMzNzI2MjIwNTkxNzQ2MjU4MA.GnoNqI.vSCLHUKt9B1-VRUYB0OYpmtmITqR9PlfuRTZck

  • server_id

    1335098734836449331

Targets

    • Target

      Monke Mod Manager premium.exe

    • Size

      624KB

    • MD5

      0e886c0acf85866b1246118efb9606b1

    • SHA1

      2a22eeee5cbf665e132f40ab00a8f55d8581cb2b

    • SHA256

      d93a0adaa8927c9e889012a495076668512f7f011264c52fb3bd9b9c6094ae35

    • SHA512

      2e44d466cc6eec9225d6bccfb7b22aaa1564e8c7830e779bab97cf5e69ddc9a647271869caef84017a27d821e9b09b895547e132755f70873f019b0667bc465d

    • SSDEEP

      12288:gyveQB/fTHIGaPkKEYzURNAwbAg8n9ztBM33wEp:guDXTIGaPhEYzUzA0q9ZBMnws

    Score
    10/10
    discordratpersistenceratrootkitstealerdiscovery

    • Discord RAT

      A RAT written in C# using Discord as a C2.

      stealerrootkitratpersistencediscordrat

    • Discordrat family

      discordrat

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks