Overview

overview

10

Static

static

3

nigga_xDgpj.exe

windows7-x64

10

nigga_xDgpj.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    nigga_xDgpj

  • Size

    560KB

  • Sample

    250227-yzn2qsxvet

  • MD5

    4130a7337ae3c2f72a312b1db9de064a

  • SHA1

    3b1eeb1281ec7ca85f26f36f8294a76b715eef97

  • SHA256

    243b60f492841d17b52e3b5c706a8670828b7d88d2e2dc0374539d5134b57b24

  • SHA512

    c2a42111cfb30d128c1b4b57e1a0e704658747b27016ef41560efee2a59c52d7e9c5ae6a06219478955e8b868014b1a44593ecdf2617413bc0de939c3f29ad05

  • SSDEEP

    6144:xE+yclwQKjdn+WPtYVJIoBfYhX9Rvn5lEvuh/2ODio6/lb:xBdlwHRn+WlYV+5hrxS2h21oOb

Score
10/10
discordratdiscoverypersistenceratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTM0NDcyNDEzNTI0NjQzMDIzOQ.GGKgtT.gXaA8zDpJ8lHXN-X0I59jvy0XMmqHOu4MC1b_A

  • server_id

    1340437348676010064

Targets

    • Target

      nigga_xDgpj

    • Size

      560KB

    • MD5

      4130a7337ae3c2f72a312b1db9de064a

    • SHA1

      3b1eeb1281ec7ca85f26f36f8294a76b715eef97

    • SHA256

      243b60f492841d17b52e3b5c706a8670828b7d88d2e2dc0374539d5134b57b24

    • SHA512

      c2a42111cfb30d128c1b4b57e1a0e704658747b27016ef41560efee2a59c52d7e9c5ae6a06219478955e8b868014b1a44593ecdf2617413bc0de939c3f29ad05

    • SSDEEP

      6144:xE+yclwQKjdn+WPtYVJIoBfYhX9Rvn5lEvuh/2ODio6/lb:xBdlwHRn+WlYV+5hrxS2h21oOb

    Score
    10/10
    discordratdiscoverypersistenceratrootkitstealer

    • Discord RAT

      A RAT written in C# using Discord as a C2.

      stealerrootkitratpersistencediscordrat

    • Discordrat family

      discordrat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks