General

  • Target

    762b7762f589d9c3bbf8d05245ab043f6bf98369600451f911c83f9fed3bab20

  • Size

    650KB

  • Sample

    240504-tp3pxsdg88

  • MD5

    41177aaae97b728d3ef8281563bdaf34

  • SHA1

    217586ee4699157434f1568e6eee180690c5750c

  • SHA256

    762b7762f589d9c3bbf8d05245ab043f6bf98369600451f911c83f9fed3bab20

  • SHA512

    01e6ba88d026818e3008b31bc3a359e6fa636ab966b762d67c7c32f5e7c29b0b187ad2259304f7ac5a1583a4684ea0bb9e7252ec3c16d711703aff633533fc5a

  • SSDEEP

    12288:9BdlwHRn+WlYV+Y2M1Hh4OiR8aFXW/tmxjnedOQxOAfjrFaE:9BkVdlYAfJb/FXWgxjFQxOIrFaE

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTIzMTYwODkyMTQwODY3MTgyNg.GyU5wW.z4dEi7ijUjrOfjBxpMvtoxwuv6X1yAlQjvlIuU

  • server_id

    1231610037986922578

Targets

    • Discord RAT

      A RAT written in C# using Discord as a C2.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2
