General

  • Target

    Client-built.exe

  • Size

    78KB

  • Sample

    240415-pc4z1aeb53

  • MD5

    d33f63ad58ec035142f60e75d843d2c4

  • SHA1

    dc313419c8093ad73dfedce91b6a8b3a0778f4f6

  • SHA256

    77c7b76fa1b6ccddf78e18c3bf326da4959ac429abfd6d2803a3a18d2f568a4e

  • SHA512

    c33db013ad726b43328b1f2caade05584d1932e4da72194766bf92abe2a847d78b7f03bedd915fc959b3f7c3ec7d88cc09625d8c11b4b2d2726189384510c3bb

  • SSDEEP

    1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+VPIC:5Zv5PDwbjNrmAE+FIC

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTIyOTQwMTgyMTIyMzg0NTk2MQ.GNBkL2.fyH6QqmGNy52Fx0WNTo5XR7RLT2EQEAdGT-F68

  • server_id

    1209983056593817710

Targets

    • Target

      Client-built.exe

    • Discord RAT

      A RAT written in C# using Discord as a C2.

    • Downloads MZ/PE file

    • Modifies Windows Firewall

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Legitimate hosting services abused for malware hosting/C2
