Overview

overview

10

Static

static

3

ec9f0c2467...91.exe

windows7-x64

10

ec9f0c2467...91.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ec9f0c246792fc07885b9a30698de7efcdb5016a2d357d84a46c1c8330b61391

  • Size

    596KB

  • Sample

    250228-k2cjtswzav

  • MD5

    72ca46638bb4878f9d947b40a500e3e3

  • SHA1

    50f3c40d05ec5a1d05248823a6dfac066543cce8

  • SHA256

    ec9f0c246792fc07885b9a30698de7efcdb5016a2d357d84a46c1c8330b61391

  • SHA512

    c93612afb7a6f20bbf9a4f386a349998d935f2c181fdde40aef196db6a7902c521204e36cbba0655540d2cd80bdeb25c2ceddc67615fb1fde71e621124a1fc5e

  • SSDEEP

    12288:lngM8K8P4ElXddah8kyDIZJ1a+oKl9Qu3JS:lngHKYfXTkXy0ZJ1a/693g

Score
10/10
discordratpersistenceratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTM0NDkyNDczNTA0MDkxMzQ0OQ.GXVPBp.wUCajW24aDdqQpwnR3XHj59jfp5HQVOhC_pLuE

  • server_id

    1344925757125693500

Targets

    • Target

      ec9f0c246792fc07885b9a30698de7efcdb5016a2d357d84a46c1c8330b61391

    • Size

      596KB

    • MD5

      72ca46638bb4878f9d947b40a500e3e3

    • SHA1

      50f3c40d05ec5a1d05248823a6dfac066543cce8

    • SHA256

      ec9f0c246792fc07885b9a30698de7efcdb5016a2d357d84a46c1c8330b61391

    • SHA512

      c93612afb7a6f20bbf9a4f386a349998d935f2c181fdde40aef196db6a7902c521204e36cbba0655540d2cd80bdeb25c2ceddc67615fb1fde71e621124a1fc5e

    • SSDEEP

      12288:lngM8K8P4ElXddah8kyDIZJ1a+oKl9Qu3JS:lngHKYfXTkXy0ZJ1a/693g

    Score
    10/10
    discordratpersistenceratrootkitstealer

    • Discord RAT

      A RAT written in C# using Discord as a C2.

      stealerrootkitratpersistencediscordrat

    • Discordrat family

      discordrat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks