General

  • Target

    mtree.jpg.exe

  • Size

    518KB

  • Sample

    240508-qgh4rsec6y

  • MD5

    eaa398192f1c312d60688e027b179edb

  • SHA1

    256e90ab6bfd0b19a44d73649d07d6c10b19a7c3

  • SHA256

    56d6515c05a0b8622e592c88c886c5beaafba13b3ec8df773a3f15e0e315b4bb

  • SHA512

    e502f831348b195f99daa55404332c6baa6cf7c5ab47388d75a3ef47b607c32a276ec8008c2b0a699deff148264e9262cb41bd372414d3cdd48b60b000623ae9

  • SSDEEP

    12288:FCQjgAtAHM+vetZxF5EWry8AJGy0yQKMIYJiIPalXSu307c:F5ZWs+OZVEWry8AFBuJitx/3r

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTIwNjA0MDA2MDI2NTM2NTUwNA.GStFBi.KFxuLXKvS3XujUPdFiaRzwKmwtmjd2uDdKdcmY

  • server_id

    1237709600602722354

Targets

    • Target

      mtree.jpg.exe

    • Discord RAT

      A RAT written in C# using Discord as a C2.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Legitimate hosting services abused for malware hosting/C2
