General

  • Target

    d3af0683981a6be530dd33cfd2a162a6.jpg

  • Size

    20KB

  • Sample

    240430-t61xnaah7x

  • MD5

    2517471b9c3e8da21618ea1fd035a258

  • SHA1

    cf0fcdd45f599e4101329e9d3f0120e483b01c20

  • SHA256

    b42a22b9b3e418aa85242fbd7abe2b5c0025cccef0a20440590fb9982a43b11b

  • SHA512

    23585dabb595c17ac0a10fe787a70f8f33f0a1f7119f97110e28db3e88d147831dc96f6aaff705600916a75ac214908f5cebe06076e74e3173108ce617dcbd07

  • SSDEEP

    384:hDqYAsQHCSVq9Wi/rZL0pgp/3XR2BL2SFHdYqKdZkr:1AsWrVQWEL0pgRHEZ26HudZO

Malware Config

Extracted

Family

  • discordrat

Attributes

  • discord_token

    MTIzNDQ1ODc2ODU0MTA5Mzk4OQ.G1TXa2.7oRt2Q-Qp8mSG4vpWmR5JEhhANuTxxOXzb_0uk

  • server_id

    1191318589567934515
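The extracted configuration is the most actionable part of this report: a Discord bot token and the guild the bot talks to (server_id). The following is an added example, not part of the sandbox report: the first dot-separated segment of a bot token is the unpadded base64 of the bot's user ID, and both that ID and the server ID are Discord snowflakes whose upper 42 bits encode a creation time, so an analyst can date and cluster the infrastructure without ever sending the token to Discord's API. The segment lengths in the regex are an assumption drawn from tokens seen in the wild, and the strings dump is constructed around the two values above.

```python
import base64
import re
from datetime import datetime, timedelta, timezone

# Constructed input: the token and server_id from the extracted config, embedded in
# a fake strings dump so the regex search has surrounding noise to scan past.
STRINGS_DUMP = """
System.Net.Http
https://discord.com/api/v10/gateway
MTIzNDQ1ODc2ODU0MTA5Mzk4OQ.G1TXa2.7oRt2Q-Qp8mSG4vpWmR5JEhhANuTxxOXzb_0uk
1191318589567934515
"""
SERVER_ID = 1191318589567934515

# Discord snowflake epoch: 2015-01-01T00:00:00Z, in milliseconds.
DISCORD_EPOCH_MS = 1_420_070_400_000

# Bot token shape: base64(user id) . base64(4-byte timestamp) . HMAC.
# The segment length ranges are an assumption, not a Discord specification.
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]{23,28}\.[A-Za-z0-9_-]{6,7}\.[A-Za-z0-9_-]{27,}")


def find_tokens(blob: str) -> list[str]:
    """Return every substring in the blob that has the three-segment token shape."""
    return TOKEN_RE.findall(blob)


def b64decode_unpadded(segment: str) -> bytes:
    """Discord strips base64 padding; restore it before decoding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def snowflake_fields(snowflake: int) -> dict:
    """Split a Discord snowflake into its documented bit fields."""
    ms = (snowflake >> 22) + DISCORD_EPOCH_MS
    created = datetime(1970, 1, 1, tzinfo=timezone.utc) + timedelta(milliseconds=ms)
    return {
        "created": created.strftime("%Y-%m-%dT%H:%M:%SZ"),
        "worker_id": (snowflake >> 17) & 0x1F,
        "process_id": (snowflake >> 12) & 0x1F,
        "increment": snowflake & 0xFFF,
    }


def decode_token(token: str) -> dict:
    """Recover the bot's user ID and creation time from a token without using it."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated segments")
    bot_id = int(b64decode_unpadded(parts[0]).decode("ascii"))
    return {"bot_id": bot_id, **snowflake_fields(bot_id)}


def triage(blob: str, server_id: int) -> dict:
    """Collect every token in a dump and date both the bot and the guild it reports to."""
    return {
        "tokens": [decode_token(t) for t in find_tokens(blob)],
        "server": {"id": server_id, **snowflake_fields(server_id)},
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(STRINGS_DUMP, SERVER_ID), indent=2))
```

Run against the values above, the bot account decodes to user ID 1234458768541093989, created the day before the sample was submitted, and the guild dates to the start of 2024. A bot token is a live credential: decoding it offline is fine, but logging in with it or enumerating the guild is interacting with attacker infrastructure under someone else's identity, so the hand-off is a report to Discord's abuse channel, not a session.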

Targets

    • Target

      d3af0683981a6be530dd33cfd2a162a6.jpg

    • Discord RAT

      A RAT written in C# using Discord as a C2.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens, and autofill data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory
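The target carries a .jpg extension, yet the sandbox classified it as a C# RAT and watched it execute a dropped EXE and load a dropped DLL, so the extension says nothing about the content. The following is an added example, not from the report, and it makes no claim about this sample's actual bytes: a checker that identifies the real type from magic bytes, compares it with the type the extension claims, and for PE files reads data directory 14 of the optional header (the CLR runtime header) to tell a .NET assembly from native code. The PE bytes it is exercised on are constructed headers built by the helper at the bottom, not the sample.

```python
import struct

# Index of the CLR runtime header in the optional header's data directories.
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR = 14

MAGIC_BYTES = {
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}
EXTENSION_TO_TYPE = {"jpg": "jpeg", "jpeg": "jpeg", "png": "png", "gif": "gif",
                     "exe": "pe", "dll": "pe", "scr": "pe"}


def pe_header_offset(data: bytes):
    """Return the offset of the 'PE\\0\\0' signature, or None if this is not a PE file."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    return e_lfanew


def is_pe(data: bytes) -> bool:
    return pe_header_offset(data) is not None


def is_dotnet(data: bytes) -> bool:
    """True if the PE has a non-empty CLR runtime header (data directory 14)."""
    pe = pe_header_offset(data)
    if pe is None:
        return False
    opt = pe + 24                                    # 4-byte signature + 20-byte COFF header
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]   # SizeOfOptionalHeader
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:      # PE32
        count_off, dir_off = opt + 92, opt + 96
    elif magic == 0x20B:    # PE32+
        count_off, dir_off = opt + 108, opt + 112
    else:
        return False
    if count_off + 4 > opt + opt_size or count_off + 4 > len(data):
        return False
    count = struct.unpack_from("<I", data, count_off)[0]    # NumberOfRvaAndSizes
    if count <= IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR:
        return False
    entry = dir_off + 8 * IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
    if entry + 8 > len(data):
        return False
    rva, size = struct.unpack_from("<II", data, entry)
    return rva != 0 and size != 0


def identify(data: bytes) -> str:
    """Classify content by magic bytes; 'MZ' alone is not enough, so the PE signature is checked."""
    if is_pe(data):
        return "pe"
    for kind, magics in MAGIC_BYTES.items():
        if any(data.startswith(m) for m in magics):
            return kind
    return "unknown"


def check_file(name: str, data: bytes) -> dict:
    """Compare the type claimed by the extension with the type found in the bytes."""
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    claimed = EXTENSION_TO_TYPE.get(ext, "unknown")
    actual = identify(data)
    return {
        "name": name,
        "claimed": claimed,
        "actual": actual,
        "mismatch": claimed != actual,
        "dotnet": is_dotnet(data) if actual == "pe" else False,
    }


def build_fake_pe(dotnet: bool) -> bytes:
    """Constructed minimal PE32 header (no code, not runnable) for exercising the parser."""
    hdr = bytearray(0x40)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)           # e_lfanew
    hdr += b"PE\0\0"
    # COFF header: i386, 1 section, timestamp 0, no symbols, 224-byte optional header
    hdr += struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)             # PE32 magic
    struct.pack_into("<I", opt, 92, 16)               # NumberOfRvaAndSizes
    if dotnet:
        struct.pack_into("<II", opt, 96 + 8 * 14, 0x2008, 0x48)   # CLR header RVA/size
    return bytes(hdr + opt)


FAKE_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01"   # constructed JPEG/JFIF prefix

if __name__ == "__main__":
    print(check_file("d3af0683981a6be530dd33cfd2a162a6.jpg", build_fake_pe(dotnet=True)))
    print(check_file("photo.jpg", FAKE_JPEG))
```

The check is deliberately conservative: it only reports "pe" when both the MZ stub and the PE signature are present, and only reports .NET when the CLR directory entry has a non-zero RVA and size, so a padded or truncated header does not produce a false "managed executable" verdict.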
