General

  • Target

    83ff41f5ac07fcd96bcfe6cea3b585e9d13ad81f35ffac0c2f10a3a891e71ead

  • Size

    490KB

  • Sample

    240425-ndg17aab63

  • MD5

    4f66d83ac5cd767b5d651fc7303e031d

  • SHA1

    2de6b6dcc979bed6905ea3d9514f6599c2cf2184

  • SHA256

    83ff41f5ac07fcd96bcfe6cea3b585e9d13ad81f35ffac0c2f10a3a891e71ead

  • SHA512

    ee66b6f5024d57965d96a4420e15d7aef133005d4aaca254bc6ab0796174a9114c9180f5eb098486ed940c32306cfbe361af156cfa75f9d9f1145807240617fd

  • SSDEEP

    12288:pToPWBv/cpGrU3yyK2ToKLk7xCh6Wjgnu:pTbBv5rUVjTouk7xQ6Wjgu

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTIyOTQxMzUwMjU5MTE3NjcyNg.G9KrjP.D-XUbbPM5RZnvYvC1sooWa_RQE0mmSjhRciaaA

  • server_id

    1229419379473649684

Targets

    • Discord RAT

      A RAT written in C# using Discord as a C2.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2
