General

  • Target

    test‮gpj.exe

  • Size

    653KB

  • Sample

    250214-jqbbysykaz

  • MD5

    d5892e4fa8328d72fe4f5a6a2807aa22

  • SHA1

    57e02d36823e906e1aed156ad79796a07cf1e621

  • SHA256

    583d6e9ddac7dc5c18c15d71a93838d1bf8b387209e70b56e2a81f7bfa372093

  • SHA512

    82344d7152e9cff5a090256cb2948ae8fdf02beed4897f7896ecc58af0fa1d64cc005c03ea67c4696a077337564830743561c10de0c5e0a61264d01217ddcbdc

  • SSDEEP

    12288:PyveQB/fTHIGaPkKEYzURNAwbAg82AOjmPME6A7t:PuDXTIGaPhEYzUzA0qcCF6q

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTMzOTg2MjA5MzIwOTUzODY0MQ.GrpiD8.MHQtwHauUCcy-w_RS4hczb5z1DjBFLEDxZ7X4c

  • server_id

    1339862511209545762

Targets

    • Discord RAT

      A RAT written in C# using Discord as a C2.

    • Discordrat family

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2
