Resubmissions

13-04-2024 07:40

240413-jhl4gscb54 10

General

  • Target

    Client-built.exe

  • Size

    78KB

  • Sample

    240413-jhl4gscb54

  • MD5

    4a0cc04717fee11ba7c1a8d2e4fbf757

  • SHA1

    4115e8d22583339046421c0656b0cb1b1cebb0af

  • SHA256

    f72d36232ed06000dc66be2f7ab2a0e51818208d3520adb4105e16b30da6f48a

  • SHA512

    ad2e3d8aadd179954e470e0aaa702ae07abf2eff89d00fd03c4f83d186a15a32fd44343673b69cfba2a7e1dd14dbc901aabf0c2e8950ccd1652b7165a99c493d

  • SSDEEP

    1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+nPIC:5Zv5PDwbjNrmAE+PIC

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTIyODYwNjYyMzMyOTU1MDM5Ng.Gr7Tkd.cmQjgPw9HSiUwf4tv8Ejyejhej4eIDidxpusFI

  • server_id

    1228605517560287292

Targets

    • Discord RAT

      A RAT written in C# using Discord as a C2.

    • Downloads MZ/PE file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Legitimate hosting services abused for malware hosting/C2

    • Sets desktop wallpaper using registry
