discordrat | Client-built[.]exe[.]zip | Triage

Sharing

General

Target

Client-built.exe.zip
Size

28KB
MD5

024d4589cfb261d7ab31afe46e1a03e9
SHA1

ee25af1ead2e7dbd0224daaad298d6d0c49edcb9
SHA256

12fd2323d808e2dfb7228784ee7bf0505ffa4499fa927e8651d069b4942ec2fd
SHA512

5b08114b44c435f546238a7e6bd8d10229a0ec68b7d7e1ba96ebc5d451f5705bded745b769887f13586aa240d7962a62dbcf134161bc097aee5f43b9d7c22501
SSDEEP

768:6SZ2SiEavomVrQFxhXeApcubYuT/Kg8Yj89+H+Nddkj+Z:NYxEavF0F/uApcubYcKf9+H+Fkj6

Score

10^/10

discordrat

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTM0MDM1NDQ1Nzg4NzgzNDE3Mg.GHP40n.qgKs_aAJ6GfrjhyOwfOiR0SkXc_4RQULhFiNjU
server_id
1340349846682603622

Signatures

Discordrat family
discordrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Client-built.exe.bin

Files

Client-built.exe.zip
.zip

Password: infected
Client-built.exe.bin
.exe windows:4 windows x64 arch:x64

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ