Overview

overview

10

Static

static

10

echo-5A7E8...-f.exe

windows7-x64

10

echo-5A7E8...-f.exe

windows10-2004-x64

Analysis

  • max time kernel
    67s
  • max time network
    68s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250217-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18-02-2025 14:36

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    echo-5A7E85-dWEyYXBi-wZdZlN-f.exe

  • Size

    109KB

  • MD5

    8ff7691ce984d8240d93140470ee90da

  • SHA1

    e3f1ae792adab6026152b2a1733d42f91eb8b4b0

  • SHA256

    c3f50c1a06d78569baaffb4c0078e145541b76179aece4283936f209291208fd

  • SHA512

    8ab51ffc0fd628718f757ae5efba9cd781a17310350d2f4098b2785371714dffa5a398683c41e0376dd6256a5de4cf91c24e0f78af9d830e715178c877a5dbf3

  • SSDEEP

    3072:EbRltj4wkI6yNKv0YhNq/BVPsbwNrDZWsH:Ent239qpdsb+r

Score
10/10
discordratpersistenceransomwareratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTM0MTQxNTExNjMxNDM3ODMzMg.GLIZah.vcBmaDTBMQ_tIpXZH3Eu4541gUQs30_4_YK8fg

  • server_id

    1341228042776875089

Signatures

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat
  • Discordrat family
    discordrat
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\echo-5A7E85-dWEyYXBi-wZdZlN-f.exe
    "C:\Users\Admin\AppData\Local\Temp\echo-5A7E85-dWEyYXBi-wZdZlN-f.exe"
    1⤵
    • Sets desktop wallpaper using registry
    • Suspicious use of AdjustPrivilegeToken
    PID:2180

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2180-0-0x00007FF9A1483000-0x00007FF9A1485000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2180-1-0x00000206CC810000-0x00000206CC830000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2180-2-0x00000206E6E50000-0x00000206E7012000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2180-3-0x00007FF9A1480000-0x00007FF9A1F41000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/2180-4-0x00000206E7650000-0x00000206E7B78000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/2180-5-0x00007FF9A1483000-0x00007FF9A1485000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2180-6-0x00007FF9A1480000-0x00007FF9A1F41000-memory.dmp

    Filesize

    10.8MB

    Download