General

  • Target

    Client-built.exe

  • Size

    78KB

  • Sample

    240515-w4c4xsde5w

  • MD5

    513fd46951e84bb03ce06b2cb9b36c87

  • SHA1

    0178e00984bd01f6c4139fcafdd66239068c8aab

  • SHA256

    1c35c705b1631b42ec9031cef8e480dcde919b5edd053f44c679ed60ef1e9861

  • SHA512

    a7b2610fdef025d0e8dec106353442a47e6713c92466f6269834966133a255c4165cf4c105d3a3e3064ef7db7fbb9cc3e567d6f382c2e39e6b3934479e0694a6

  • SSDEEP

    1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+GPIC:5Zv5PDwbjNrmAE+iIC

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTI0MDM2OTMwNTAxOTg3OTYxNQ.GWVbBm.czywoPvQW4vkvutIFNvm-Jgf0tjXRH09lViLf0

  • server_id

    1240368331786027058

Targets

    • Discord RAT

      A RAT written in C# using Discord as a C2.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Downloads MZ/PE file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
