General

  • Target

    message (1).txt

  • Size

    8KB

  • Sample

    240508-mlafmsgb2t

  • MD5

    e2fdc6f284b1e89db643bc6ad0ada0ec

  • SHA1

    cc972dc3a3abc14f611d457c9091251f3366afc1

  • SHA256

    e15c1ff4c2f72df0d0acee08eaf869badb5d5a377ba64c4a172f060d45ab8585

  • SHA512

    0c3f6674d9122eff2f39e4db6f120fa7cb1f41d1f9e871cb2af60a5fdbaddba3e2311393c72ce11c70075678581a1aca0c44a950a5fa92df62dd2ce0c168adc4

  • SSDEEP

    192:yYV3EpBHRxTf+cQt8qyt8qTRaS9Rdh7sN6mE2oAoTE2LTs:yzUGK

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTIzNzcwMzYwNDc3MzcxNTk5OA.GpnuZW.icMd9S8Xo3T9RHsU9bXhiKpUJaK62FUGK13WN4

  • server_id

    1237709600602722354

Targets

    • Discord RAT

      A RAT written in C# using Discord as a C2.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext
