General

  • Target

    SolaraBETA.exe

  • Size

    78KB

  • Sample

    240504-pwjheaec5w

  • MD5

    934de8bca4253c836a2098f335c7a8d7

  • SHA1

    7802dd411479e3217c7a48821ca3118d28fc461f

  • SHA256

    03bc44c43b05a84d73688bfa58272cc48131c6edf2b86919b4576935d7fe7fb9

  • SHA512

    43ed2f43a52a27908cf69b3e364b1a8a48b85396732b1d4436691e8d43fc77c944d9e7654ff990550a6b2e0f4f2c371d67936ae70c68ae22d683a2acaa58fcd7

  • SSDEEP

    1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+iPIC:5Zv5PDwbjNrmAE+OIC

Malware Config

Extracted

Family

discordrat

Attributes

  • discord_token

    MTE5NTg0ODc1MjI0NjgyNTA1Mg.G7iwnj.U4hRA5hZjWdmprvtP3VL2iI2OPKuIwgzMWzywY

  • server_id

    1234555349349040179

Targets

    • Target

      SolaraBETA.exe

    • Discord RAT

      A RAT written in C# using Discord as a C2.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Disables Task Manager via registry modification

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks