General

  • Target

    Fivem free cheat.exe

  • Size

    78KB

  • Sample

    240516-xd4dvsag22

  • MD5

    132c4cf7a8fd37e110b6fc2a95db89d5

  • SHA1

    e72678f6ba27fc4f0e0fb10b2c6a27ae746f884c

  • SHA256

    84e7eedb49ebd49bff86478c263d762cee2ddf2e6978459c332ceeff5bcc35e5

  • SHA512

    163b788b3db777683ace74f4c966c5674712eb1fac9eecd0c384153b49425deb02f4f2a925fd8b327e512f06f46bae1171d036d6cf20e301a2df230ef9af82b1

  • SSDEEP

    1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+GPIC:5Zv5PDwbjNrmAE+iIC

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTI0MDcyOTAxNzg4ODUzODY1NA.G5rU91.u7EjqF3au1XeSZ31QdazSwNqM2h9lVjKcJ-rKU

  • server_id

    1240729454771306547

Targets

    • Target

      Fivem free cheat.exe

    • Discord RAT

      A RAT written in C# using Discord as a C2.

    • Disables Task Manager via registry modification

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Legitimate hosting services abused for malware hosting/C2

    • Sets desktop wallpaper using registry
