General

  • Target

    exploitshit.zip

  • Size

    569KB

  • Sample

    240414-x3kcaabd84

  • MD5

    f0373216bec8ab2c5800dfdbb580410c

  • SHA1

    5cb7c237662dff147fbf73734291ca341e8c0b38

  • SHA256

    bc797ac3593f379378d338d437f476a942fc1e3c1b8684e50cb9174fc24f58b9

  • SHA512

    91984dc0219ba88223e60339909c6a2fe7f9b01e522fbe98f1d09c6ac67f874da7772188a4b8355596bd27941ec17b5c7e34e0979ad62ac494ed505fdefba740

  • SSDEEP

    12288:LroKQGq3VflVQudezPCaRARfCIG8bzudhBV2rBrRqKrTUCbMIGu8k:Lrdq3VfliudMlRdgSHSBNN47ju8k

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTIyMjg4ODc4NjY4MjQ1MDAwMA.GrWWth.lufsbZUbCt6RpsyO9yf6mU1zPT_mACVqxKnhtg

  • server_id

    1229118384591994951
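The two extracted values carry more than they appear to. The first dot-separated segment of a Discord bot token is the URL-safe base64 of the bot's numeric user ID, and both that ID and the server_id are Discord snowflakes whose upper 42 bits encode a creation timestamp, so an analyst can date the bot account and the C2 guild without touching the Discord API. The script below is an added example, not part of this report or of the Discord RAT project: it extracts tokens from a constructed string dump, decodes the bot ID, and dates both snowflakes. The token regex is an assumption made here to locate tokens in dumped data, not a pattern Discord publishes.

```python
import base64
import re
from datetime import datetime, timezone

# Discord snowflake IDs store a millisecond timestamp in their upper 42 bits,
# counted from the Discord epoch (2015-01-01T00:00:00Z).
DISCORD_EPOCH_MS = 1420070400000

# Bot tokens are three dot-separated, URL-safe base64 segments. The first is the
# base64 of the bot's numeric user ID, so it starts with 'M', 'N' or 'O' (the
# first base64 character of an ASCII digit). This pattern is an assumption used
# to locate tokens in dumped config data; Discord does not publish one.
TOKEN_RE = re.compile(r"[MNO][A-Za-z0-9_-]{23,}\.[A-Za-z0-9_-]{6}\.[A-Za-z0-9_-]{27,}")


def snowflake_time(snowflake):
    """Return the UTC creation time encoded in a Discord snowflake."""
    ms = (int(snowflake) >> 22) + DISCORD_EPOCH_MS
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc)


def bot_id_from_token(token):
    """Recover the bot's user ID from the first segment of a bot token.

    Only the first segment is decodable offline; the second is a
    creation-time field and the third a signature over the token, and
    neither can be validated without Discord's key.
    """
    first = token.split(".")[0]
    padded = first + "=" * (-len(first) % 4)   # restore stripped base64 padding
    user_id = base64.urlsafe_b64decode(padded).decode("ascii")
    if not user_id.isdigit():
        raise ValueError("first token segment does not decode to a numeric ID")
    return user_id


def find_tokens(blob):
    """Return every substring of `blob` that looks like a Discord bot token."""
    return TOKEN_RE.findall(blob)


def triage_config(blob, server_id):
    """Summarise a dumped Discord RAT config: bot IDs, bot and guild creation dates."""
    report = {
        "server_id": str(server_id),
        "server_created": snowflake_time(server_id).strftime("%Y-%m-%d"),
        "bots": [],
    }
    for tok in find_tokens(blob):
        bot_id = bot_id_from_token(tok)
        report["bots"].append({
            "bot_id": bot_id,
            "bot_created": snowflake_time(bot_id).strftime("%Y-%m-%d"),
            "token_suffix": tok[-6:],   # enough to correlate without reprinting the secret
        })
    return report


# Constructed sample: the two values from the extracted config above, embedded in
# a string dump the way they would appear after decompiling the .NET payload.
SAMPLE_TOKEN = "MTIyMjg4ODc4NjY4MjQ1MDAwMA.GrWWth.lufsbZUbCt6RpsyO9yf6mU1zPT_mACVqxKnhtg"
SAMPLE_SERVER_ID = "1229118384591994951"
SAMPLE_DUMP = (
    'private static string token = "' + SAMPLE_TOKEN + '";\n'
    'private static ulong serverId = ' + SAMPLE_SERVER_ID + ';\n'
)

if __name__ == "__main__":
    print(triage_config(SAMPLE_DUMP, SAMPLE_SERVER_ID))
```

Run on the values above, the bot account decodes to ID 1222888786682450000, created 2024-03-28, and the guild to 2024-04-14, the same day as the sample ID in this report; a bot and guild only days old at submission time is itself a useful triage signal. The token remains a live credential for that bot: reporting it to Discord gets the account disabled, whereas using it to query the API leaves traces the operator can see.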

Targets

    • Target

      exploit.exe

    • Size

      452KB

    • MD5

      68bc76c2ed77201f7d2860496c9f59ad

    • SHA1

      8192f2529a0b43d84e8ce9a4a579baa2db0a9590

    • SHA256

      b08f9e7c8ce2f261154a026845b85fe29f6ba5ad2563ef289e6e3bb6aba8cb9a

    • SHA512

      b25f85766478c8b6595aa0badccca7b5741cef06cd7cfe8bee041d7d1727d0ba5308cc60be6d3cfa9390c1cd15cf2ebe86e82eb7e421abd775e7c62610517719

    • SSDEEP

      12288:U0kqjVnl36ud0zR/6CtQ9PUHIG8DhMuD7R:HkqjVnlqud+/2P+AOE7R

    • Score

      1/10

    • Target

      vscode.bat

    • Size

      274KB

    • MD5

      0d8058c9dafb33c14781290f74cff9f5

    • SHA1

      505b9ec433f9c26319ad3b06eaed2f9579fb3d1d

    • SHA256

      1e938491719616ade4bd63d17be73b26d6856fdca3c1255e99ab004ace719d4b

    • SHA512

      886bae7d223072ee04852d9abce1aa05801ad50e6681cb4ed9a784d952e353fdf639713b706af8e1b7019422b32573ba75441e5cb60e5abdff908ad65f090b0b

    • SSDEEP

      6144:aaH4va70scVkDAa5t8PL1ZHGoJtaCnK2RU+Xe/L:atR9VKAa5t8PBVdvXTXe/L

    • Discord RAT

      A remote access trojan written in C# that uses the Discord API as its command-and-control channel: it authenticates with the extracted bot token and takes commands from the Discord guild (server) identified by server_id above, so its C2 traffic goes to legitimate Discord endpoints.

    • Suspicious use of NtCreateUserProcessOtherParentProcess (a process created with a spoofed parent PID, which breaks parent/child lineage in process-tree based detection)

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext (rewriting another thread's register context, typical of process hollowing and other injection techniques)

MITRE ATT&CK Enterprise v15
