General
-
Target
1blScenical_20K_-_16x.piz.exe
-
Size
523KB
-
Sample
240510-eabkkacb82
-
MD5
64a2c79e246b7146369116c889f213f9
-
SHA1
7444066ee8820f3f8ad0829cd33304c9e0c79b8f
-
SHA256
2e771dba0b3a759cfe36f121d6cbdbad4df8017bf0727166fe8e32c9629b4a25
-
SHA512
bf8dfe69c8d806d00fac528521a6d92580646aa55a7f3d374cd72c4409712014c425493e4d8cbb7e4c08172745ec5f054d9895f7bac5014765b36af56ef21a84
-
SSDEEP
12288:nCQjgAtAHM+vetZxF5EWry8AJGy0+6Bd3X3uSN3mQ:n5ZWs+OZVEWry8AFwBd3X3JNWQ
Static task
static1
Behavioral task
behavioral1
Sample
1blScenical_20K_-_16x.piz.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
1blScenical_20K_-_16x.piz.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
discordrat
-
discord_token
MTIzNzM5MzAyNjUyODMxNzQ2MA.G0y1Xb.9o_1Ees0G6RNPvIZ60KfHPTQzAoIqKeZUfoAhc
-
server_id
1237392946488410233
Targets
-
-
Target
1blScenical_20K_-_16x.piz.exe
-
Score
10/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-