Overview

overview

10

Static

static

3

isus.exe

windows7-x64

10

isus.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    isus.exe

  • Size

    1.5MB

  • Sample

    250222-bgkv2awqs7

  • MD5

    f7de6d9ea2041911a04ed9d0262d8ded

  • SHA1

    23425e39470fbba504a4d4c0053d52bad6647c5f

  • SHA256

    340e35785c40e2b1509d2ba4ba6e037239dba2e15429bdf52d5c1248b79b54fb

  • SHA512

    6eab15cde24aad37d319941f8e0f64fadb5d6146004cf7f6705ca69b7b5d29324a03ed6b7e374ae22e05c0a322b60f9b0facedde112e8586d31aba4f3ab2f067

  • SSDEEP

    24576:6ngHKYfXTkXy0ZJY3C4SHdvMJmCXZOG5UriaPsD679bPlmBkB1JmRZBR6WbMyxE:8gqKIXzEK9viXdariE79i0J63rxE

Score
10/10
discordratpersistenceratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTM0MTkyOTg5MzE4OTEyODIwMw.GKmqhS.1YQpOG9bGfxiaoozOzdsFcGuCs4hj1VVEF_Cdo

  • server_id

    1341930240167116860

Targets

    • Target

      isus.exe

    • Size

      1.5MB

    • MD5

      f7de6d9ea2041911a04ed9d0262d8ded

    • SHA1

      23425e39470fbba504a4d4c0053d52bad6647c5f

    • SHA256

      340e35785c40e2b1509d2ba4ba6e037239dba2e15429bdf52d5c1248b79b54fb

    • SHA512

      6eab15cde24aad37d319941f8e0f64fadb5d6146004cf7f6705ca69b7b5d29324a03ed6b7e374ae22e05c0a322b60f9b0facedde112e8586d31aba4f3ab2f067

    • SSDEEP

      24576:6ngHKYfXTkXy0ZJY3C4SHdvMJmCXZOG5UriaPsD679bPlmBkB1JmRZBR6WbMyxE:8gqKIXzEK9viXdariE79i0J63rxE

    Score
    10/10
    discordratpersistenceratrootkitstealer

    • Discord RAT

      A RAT written in C# using Discord as a C2.

      stealerrootkitratpersistencediscordrat

    • Discordrat family

      discordrat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks