rutcsx.dhj
First submission 2024-10-16 11:43:03
File details
| File type: | PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows |
| Mime type: | application/x-dosexec |
| File size: | 78.5 KB (80384 bytes) |
| Compile time: | 2084-03-20 19:56:28 |
| MD5: | 415af0e580eddc97922b03f1f669b061 |
| SHA1: | eb36be763cf47cc5e233db1bf443c8a9c4926dd3 |
| SHA256: | 450a999d96b05bebd799e0952f643044d521dc2b61aec9c2f251322421112c3e |
| Sections 2 | .text��� .rsrc��� |
| Directories 1 | resource |
File features detected
Anti VM
Signed
XOR
OSINT Enrichments
| Virus Total: | 46/77 VT report date: 2024-10-13 23:23:24 |
| Malware Type 1 | trojan |
| Threat Type 3 | msil jalapeno discordrat |
URLs, FQDN and IP indicators 1
| URL | Host (FQDN/IP) | Date Added |
|---|---|---|
hXXps://files.catbox.moe/rutcsx.dhj  |
files.catbox.moe |
2024-10-16 11:43:03 |
PE Sections 0 suspicious
| Name | VAddress | VSize | Size | SHA1 | MD5 | Suspicious |
|---|---|---|---|---|---|---|
| .text��� | 0x2000 | 0x13038 | 78336 | acca0621e067929aed914f1987abcfd009c7864d | ca1e567a4981a3338a89d6b79f267c16 | |
| .rsrc��� | 0x16000 | 0x5b6 | 1536 | 33b32cf2f4246a9195d793df18bac3ba656fc167 | bea68bc442fa63fbe2807c2fdac84be0 |
PE Resources 2
| Name | Language | Sublanguage | Offset | Size | Data |
|---|---|---|---|---|---|
| RT_VERSION | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0x160a0 | 812 | |
| RT_MANIFEST | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0x163cc | 490 |
Meta infos 12
| LegalCopyright: | Copyright \xa9 2022 |
| Assembly Version: | 1.0.0.0 |
| InternalName: | Discord rat.exe |
| FileVersion: | 1.0.0.0 |
| CompanyName: | |
| LegalTrademarks: | |
| Comments: | |
| ProductName: | Discord rat |
| ProductVersion: | 1.0.0.0 |
| FileDescription: | Discord rat |
| Translation: | 0x0000 0x04b0 |
| OriginalFilename: | Discord rat.exe |
Packers detected 2
| Microsoft Visual C++ vx.x DLL |
| Microsoft Visual C++ v6.0 |
Strings analysis - File found
| Text |
| Output.txt |
| Tokens.txt |
| webcams.txt |
| help.txt |
| password.txt |
| Library |
| https://raw.githubusercontent.com/moom825/Discord-RAT-2.0/master/Discord%20rat/Resources/unrootkit.dll |
| https://raw.githubusercontent.com/moom825/Discord-RAT-2.0/master/Discord%20rat/Resources/rootkit.dll |
| https://raw.githubusercontent.com/moom825/Discord-RAT-2.0/master/Discord%20rat/Resources/Token%20grabber.dll |
| https://raw.githubusercontent.com/moom825/Discord-RAT-2.0/master/Discord%20rat/Resources/PasswordStealer.dll |
| https://raw.githubusercontent.com/moom825/Discord-RAT-2.0/master/Discord%20rat/Resources/Webcam.dll |
| KERNEL32.dll |
| ntdll.dll |
| USER32.dll |
Strings analysis - Possible URLs found 10
| https://raw.githubusercontent.com/moom825/Discord-RAT-2.0/master/Discord%20rat/Resources/PasswordStealer.dll |
| http://www.google.com/maps/place/ |
| https://discord.com/api/v9/guilds/ |
| https://raw.githubusercontent.com/moom825/Discord-RAT-2.0/master/Discord%20rat/Resources/Webcam.dll |
| https://geolocation-db.com/json |
| https://raw.githubusercontent.com/moom825/Discord-RAT-2.0/master/Discord%20rat/Resources/unrootkit.dll |
| https://file.io/ |
| https://discord.com/api/v9/channels/ |
| https://raw.githubusercontent.com/moom825/Discord-RAT-2.0/master/Discord%20rat/Resources/rootkit.dll |
| https://raw.githubusercontent.com/moom825/Discord-RAT-2.0/master/Discord%20rat/Resources/Token%20grabber.dll |