General

  • Target

    prestigev2

  • Size

    470KB

  • Sample

    240425-3rtz8sgc72

  • MD5

    ab5ff00162c761144b4d02486b3c0b08

  • SHA1

    102111e6d7cd70274a2b9e5c57d3099ee8f0e79f

  • SHA256

    4d12cef8e56f92b53f548491b58deb9e774c3739301b7d21d87d62cf1256831b

  • SHA512

    18a2fe795c92d00b0523d460c2f460515d9b39979c694a93f4d47f13f429f518b94db0c39c176d32d1e9ecb84eaa7e33e4d53814b31c8d206296ad9543b696ba

  • SSDEEP

    6144:XE+yclwQKjdn+WPtYVJIoBfUuC4jI4eYOywyKQtgKuXQAZKRZS5jMfUoTf:XBdlwHRn+WlYV+934jQYOywjggga2j

Malware Config

Extracted

  • Family

    discordrat

Attributes

  • discord_token

    MTIyNzQyMzE4MDEwMTEyNDEyNw.GQOmio.DYcpMY415SdKKyjsQySmQRxNjb4DdWgtJzAzRQ

  • server_id

    1233198387088719893

Targets

    • Discord RAT

      A RAT written in C# using Discord as a C2.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15