Overview

overview

10

Static

static

3

Desktop.jpg.exe

windows7-x64

10

Desktop.jpg.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    25/02/2025, 01:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Desktop.jpg.exe

  • Size

    1.5MB

  • MD5

    f7de6d9ea2041911a04ed9d0262d8ded

  • SHA1

    23425e39470fbba504a4d4c0053d52bad6647c5f

  • SHA256

    340e35785c40e2b1509d2ba4ba6e037239dba2e15429bdf52d5c1248b79b54fb

  • SHA512

    6eab15cde24aad37d319941f8e0f64fadb5d6146004cf7f6705ca69b7b5d29324a03ed6b7e374ae22e05c0a322b60f9b0facedde112e8586d31aba4f3ab2f067

  • SSDEEP

    24576:6ngHKYfXTkXy0ZJY3C4SHdvMJmCXZOG5UriaPsD679bPlmBkB1JmRZBR6WbMyxE:8gqKIXzEK9viXdariE79i0J63rxE

Score
10/10
discordratpersistenceratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTM0MTkyOTg5MzE4OTEyODIwMw.GKmqhS.1YQpOG9bGfxiaoozOzdsFcGuCs4hj1VVEF_Cdo

  • server_id

    1341930240167116860

Signatures

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat
  • Discordrat family
    discordrat
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 34 IoCs
  • Suspicious use of SendNotifyMessage 34 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Desktop.jpg.exe
    "C:\Users\Admin\AppData\Local\Temp\Desktop.jpg.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1632
    • C:\Users\Admin\AppData\Local\Temp\RarSFX0\webhook.exe
      "C:\Users\Admin\AppData\Local\Temp\RarSFX0\webhook.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:2228
      • C:\Windows\system32\WerFault.exe
        C:\Windows\system32\WerFault.exe -u -p 2228 -s 596
        3⤵
        • Loads dropped DLL
        PID:2700
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2512

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\RarSFX0\webhook.exe
    Filesize

    78KB

    MD5

    3f86e2faf92a2c603f3bb8ffdc4c6fd4

    SHA1

    795a747084411c87ded885253525b1aa1edc13d0

    SHA256

    d0cb866aeb879c2216c2e3faeea147115eca89b160f067be64d61c7cbccfe65e

    SHA512

    1b9c2e81e59bc82c9204deecf5ca94795fe92cce1a0d7b28353c45e25d0e7c008f48fe66c2c508c4c24f7dad7a827bcb48f1922e40116a35d30d6eb4769982c3

    Download Submit

  • memory/1632-4-0x0000000003210000-0x0000000003220000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2228-11-0x000007FEF5AF3000-0x000007FEF5AF4000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2228-12-0x000000013F660000-0x000000013F678000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2228-17-0x000007FEF5AF0000-0x000007FEF64DC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2228-19-0x000007FEF5AF3000-0x000007FEF5AF4000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2228-20-0x000007FEF5AF0000-0x000007FEF64DC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2228-21-0x000007FEF5AF0000-0x000007FEF64DC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2512-23-0x0000000140000000-0x00000001405E8000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/2512-24-0x0000000140000000-0x00000001405E8000-memory.dmp

    Filesize

    5.9MB

    Download