General
-
Target
3ccf4235af2207382b30205413c01115b451e71c707deab22c289fb419797a32
-
Size
400KB
-
Sample
240324-lzj2kaed41
-
MD5
469bdecc5986331657af133343af539b
-
SHA1
aa3ec8039bf48439b515345c82b48d5294814dd9
-
SHA256
3ccf4235af2207382b30205413c01115b451e71c707deab22c289fb419797a32
-
SHA512
b668743f2a6c427ca64944d7c0a458d10931030388956141338fdc3ce0d1e6b5055b22180e2ac7937bdc637ba596d8927a8665263fb40915d27ec914dfca5e89
-
SSDEEP
6144:0TouKrWBEu3/Z2lpGDHU3ykJgCpKGgBdUhcX7elbKTuka/NIC:0ToPWBv/cpGrU3yZC6Bd3X3ukuNR
Static task
static1
Behavioral task
behavioral1
Sample
3ccf4235af2207382b30205413c01115b451e71c707deab22c289fb419797a32.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
3ccf4235af2207382b30205413c01115b451e71c707deab22c289fb419797a32.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
discordrat
-
discord_token
MTIyMTM3MDg0ODExMjU0MTcxNg.GYDtRI.F5HqgY6x5q5G9a0__txWfS7z09vzxp4I2qZdtY
-
server_id
1221371233510232085
Targets
Score
10/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-