Resubmissions
29-02-2024 11:03
240229-m5qxqseh9s 10
General
-
Target
picgnp.scr
-
Size
1.6MB
-
Sample
240229-m5qxqseh9s
-
MD5
b2ac9531873f998d5fb3e2e86eab75ce
-
SHA1
616dcde73f473400f1e58371c8ceb32c5d0c5c92
-
SHA256
5370a2742be869936e788f2112e041cba9bbda26c33bfd506b6caf451af3ed47
-
SHA512
d037f7a2616f7ad596f91268346348e47074ab708e3dae62c3f848f262e366cb1113e9f43fd9ce34bb8c1d2d7679527459258ee0df463f6185a17d60fb265677
-
SSDEEP
24576:wTbBv5rUew+HLMqzfzvyOCTwZAm9o455f4wU4x2suJT+Q1LYusnh0l6QtJc:iBPwgIqzLqOCEemN55Aw3xPw10rCrvc
Static task
static1
Behavioral task
behavioral1
Sample
picgnp.scr
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
picgnp.scr
Resource
win10v2004-20240226-en
Malware Config
Extracted
discordrat
-
discord_token
MTE0NDY2MjE4NjUzMTIyOTcxNg.GxP-zd.5nNyoSDaBVHiqb6kNGupvGme5l9Il5NEzdgWMY
-
server_id
1189492681680887868
Targets
Target
picgnp.scr
Score
10/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-