General

  • Target

    s‮gpj.exe (the name carries U+202E RIGHT-TO-LEFT OVERRIDE after the first character, so a bidi-aware UI shows it as sexe.jpg while the real extension is .exe)

  • Size

    563KB

  • Sample

    240416-y6bd8adc6z

  • MD5

    0bbc0a7dc1a58f8a33fbd893ec737bc2

  • SHA1

    6cc449fffcf0111d62ff0475afb30eef7d774089

  • SHA256

    9f7154d3786a9f445d249454777da82ebca55681b0fdbe54f1695ce31a30543f

  • SHA512

    d6a4cb34a70180951925d5414c1a563a37a5a6d5c92b6fc8c741711637ebd1af60a0e375e00334599f322226a084641f099042b524f7152c720f8a2e7ee14445

  • SSDEEP

    12288:oCQjgAtAHM+vetZxF5EWry8AJGy0yfnSWv46NuV9TXH2505/N:o5ZWs+OZVEWry8AFBTjNufH2kV
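
The target filename above relies on a Unicode bidirectional override to hide its .exe extension. The following checker is an added example written for this page, not tooling from the sandbox or the malware author: it lists the bidi control characters in a filename, approximates what the user sees (reversing the run after each RLO up to a matching PDF, a deliberate simplification of the Unicode bidi algorithm that is sufficient for filename tricks), and compares the displayed extension with the one the OS will actually use.

```python
"""Flag filenames that use Unicode bidi override characters to disguise the
true extension, as in the s<U+202E>gpj.exe sample above."""
import os
import unicodedata

# Bidi formatting characters that change visual ordering or are commonly
# smuggled into names (explicit embeddings/overrides, isolates, marks).
BIDI_CONTROLS = {
    "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",   # LRE RLE PDF LRO RLO
    "\u2066", "\u2067", "\u2068", "\u2069",             # LRI RLI FSI PDI
    "\u200e", "\u200f", "\u061c",                       # LRM RLM ALM
}
RLO, PDF = "\u202e", "\u202c"


def find_bidi_controls(name):
    """Return (index, 'U+XXXX NAME') for every bidi control in `name`."""
    return [(i, f"U+{ord(ch):04X} {unicodedata.name(ch)}")
            for i, ch in enumerate(name) if ch in BIDI_CONTROLS]


def rendered_name(name):
    """Approximate the displayed string: the run after an RLO is reversed up
    to the matching PDF (or end of string); all control chars are dropped."""
    out, i = [], 0
    while i < len(name):
        ch = name[i]
        if ch == RLO:
            j = name.find(PDF, i + 1)
            if j == -1:
                j = len(name)
            out.append(name[i + 1:j][::-1])
            i = j + 1
        elif ch in BIDI_CONTROLS:
            i += 1
        else:
            out.append(ch)
            i += 1
    return "".join(out)


def true_extension(name):
    """Extension the OS actually uses: suffix of the raw string once the
    invisible control characters are stripped."""
    stripped = "".join(ch for ch in name if ch not in BIDI_CONTROLS)
    return os.path.splitext(stripped)[1].lower()


def analyze(name):
    controls = find_bidi_controls(name)
    shown = rendered_name(name)
    real_ext = true_extension(name)
    shown_ext = os.path.splitext(shown)[1].lower()
    return {
        "raw": name,
        "controls": controls,
        "rendered": shown,
        "true_extension": real_ext,
        "rendered_extension": shown_ext,
        # Suspicious when a control char is present and it changes what the
        # user believes the extension to be.
        "suspicious": bool(controls) and real_ext != shown_ext,
    }


if __name__ == "__main__":
    sample = "s\u202egpj.exe"  # the Target filename from this report
    for key, value in analyze(sample).items():
        print(f"{key}: {value!r}")
```

On the report's filename this yields a rendered name of sexe.jpg, a rendered extension of .jpg and a true extension of .exe, which is exactly the mismatch worth alerting on in mail gateways and EDR file-create telemetry.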

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTIyOTg4MjMyNDM2ODM2MzcwMA.GrfReS.9yWuSoWr3uhKK0b6qurk33JdihJVamaZgss9Yg

  • server_id

    1229880755757514752
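
The two extracted attributes can be pivoted on directly. A Discord token's first dot-separated segment is the unpadded base64 of the account's snowflake ID, and every Discord snowflake (accounts, guilds, channels) carries its creation time in bits 22 and up as milliseconds since 2015-01-01T00:00:00Z. The following triage helper is an added example for this page, not code from the sandbox or the RAT: it recovers the bot account ID from the token and the creation times of both the bot and the server_id, using only the values printed above. The other two token segments (a timestamp component and an HMAC) are not decoded here.

```python
"""Triage the Discord C2 artifacts in the extracted config: bot account ID
hidden in the token, creation times of the snowflake IDs."""
import base64
from datetime import datetime, timezone

DISCORD_EPOCH_MS = 1420070400000  # 2015-01-01T00:00:00Z

# Values from the extracted config above (treat as IOCs, do not use them).
DISCORD_TOKEN = "MTIyOTg4MjMyNDM2ODM2MzcwMA.GrfReS.9yWuSoWr3uhKK0b6qurk33JdihJVamaZgss9Yg"
SERVER_ID = 1229880755757514752


def token_user_id(token):
    """First token segment: unpadded base64 of the account's snowflake ID."""
    seg = token.split(".")[0]
    raw = base64.b64decode(seg + "=" * (-len(seg) % 4))
    return int(raw.decode("ascii"))


def snowflake_ms(snowflake):
    """Creation time in Unix milliseconds: bits 22+ are ms since Discord epoch."""
    return (snowflake >> 22) + DISCORD_EPOCH_MS


def snowflake_time(snowflake):
    return datetime.fromtimestamp(snowflake_ms(snowflake) / 1000, tz=timezone.utc)


def triage(token, server_id):
    bot_id = token_user_id(token)
    return {
        "bot_user_id": bot_id,
        "bot_created": snowflake_time(bot_id),
        "server_created": snowflake_time(server_id),
        # Positive: the bot account was created after the server.
        "bot_after_server_s": (snowflake_ms(bot_id) - snowflake_ms(server_id)) / 1000,
    }


if __name__ == "__main__":
    for key, value in triage(DISCORD_TOKEN, SERVER_ID).items():
        print(f"{key}: {value}")
```

Both IDs decode to 2024-04-16 UTC, the same day as the sample's submission ID prefix 240416, and the bot account was created about six minutes after the server, which reads as an operator standing up a fresh guild and bot for this build. The bot user ID and server ID are stable IOCs for hunting in proxy logs (the ID appears in Discord API paths), whereas the token itself should be reported to Discord for revocation rather than exercised.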

Targets

    • Discord RAT

      A RAT written in C# using Discord as a C2.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP address.
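
The last two behaviours (external IP lookup via a public web service, and Discord used as C2 from a process that is not a browser or the Discord client) are both visible in egress proxy logs and are much more telling together than alone. The detection below is an added example written for this page, not the sandbox's signature logic: it runs over a small constructed proxy log (the log lines, hostnames, API paths and process names are made up for illustration; the list of IP-lookup services and Discord API hosts is an assumption you should extend from your own telemetry) and scores a process that does both as high.

```python
"""Detect external-IP lookup plus Discord API traffic from an unexpected
process in proxy logs (the Discord RAT pattern described above)."""
import csv
import io
from collections import defaultdict
from urllib.parse import urlsplit

# Public "what is my IP" services commonly abused by malware (assumed list).
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "icanhazip.com", "ifconfig.me", "ipinfo.io",
    "checkip.amazonaws.com", "ip-api.com", "api.ip.sb", "wtfismyip.com",
}
DISCORD_API_HOSTS = {"discord.com", "discordapp.com", "canary.discord.com", "ptb.discord.com"}
# Processes for which Discord or IP-lookup traffic is ordinary (assumed allowlist).
EXPECTED_PROCESSES = {"chrome.exe", "msedge.exe", "firefox.exe", "discord.exe"}

# Constructed sample log, not from the report. Columns: time,host,process,url
SAMPLE_LOG = """\
time,host,process,url
2024-04-16T19:55:01Z,WS-42,s\u202egpj.exe,https://api.ipify.org/?format=json
2024-04-16T19:55:02Z,WS-42,s\u202egpj.exe,https://discord.com/api/v9/gateway/bot
2024-04-16T19:55:03Z,WS-42,s\u202egpj.exe,https://discord.com/api/v9/guilds/1229880755757514752/channels
2024-04-16T19:55:10Z,WS-42,chrome.exe,https://ifconfig.me/ip
2024-04-16T19:56:00Z,WS-07,Discord.exe,https://discord.com/api/v9/users/@me
2024-04-16T19:57:00Z,WS-07,outlook.exe,https://outlook.office365.com/
"""


def classify(row):
    """Tag one log row, or return None when the traffic is unremarkable."""
    parts = urlsplit(row["url"])
    host = (parts.hostname or "").lower()
    proc = row["process"].lower()
    if proc in EXPECTED_PROCESSES:
        return None
    if host in IP_LOOKUP_HOSTS:
        return "external_ip_lookup"
    if host in DISCORD_API_HOSTS and parts.path.startswith("/api/"):
        return "discord_api_from_unexpected_process"
    return None


def detect(log_text):
    """Group tags per (host, process); both tags from one process is the
    RAT pattern and is scored high, a single tag medium."""
    hits = defaultdict(set)
    for row in csv.DictReader(io.StringIO(log_text)):
        tag = classify(row)
        if tag:
            hits[(row["host"], row["process"])].add(tag)
    findings = []
    for (host, proc), tags in sorted(hits.items()):
        findings.append({
            "host": host,
            "process": proc,
            "tags": sorted(tags),
            "severity": "high" if len(tags) == 2 else "medium",
        })
    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG):
        print(finding)
```

On the constructed log only WS-42's disguised executable is reported, at high severity; the browser's IP lookup and the real Discord client's API call are suppressed by the allowlist. In production, key the allowlist on signed image path rather than bare process name, since a RAT can trivially name itself chrome.exe.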

MITRE ATT&CK Enterprise v15
