General
-
Target
tsuama_prev.exe
-
Size
723KB
-
Sample
240520-t3xe3ahh7x
-
MD5
dce88e7ad345b8e46f6f1a1e6c054ee1
-
SHA1
3b6c33722213bc904f36479641be338cadb0ed83
-
SHA256
99da4d4cc09dffe76b5b74fddbb21450d12ca6aca5a37c67f46016c29f5df26b
-
SHA512
15d7af628bbcfe66208ed4103b9ece065e74e1f19dc6e4d0894e7f1e0e99b3b1c6c4df0f761a88b7725439e299e563888c331f2aa1f00336693b0c8be3fe3bce
-
SSDEEP
12288:XBdlwHRn+WlYV+9JaDrbQq/Quey0QiiJfpN9rm/D:XBkVdlYA/a3E6nDfV0D
Malware Config
Extracted
discordrat
-
discord_token
MTI0MTc0NjYzOTg0MDg3NDU3OA.G_FG-L.PSiYWFXjGesyKl24G4RozFNhsD_phExOrrLPEM
-
server_id
1241747319624302674
Targets
-
-
Target
tsuama_prev.exe
-
Size
723KB
-
MD5
dce88e7ad345b8e46f6f1a1e6c054ee1
-
SHA1
3b6c33722213bc904f36479641be338cadb0ed83
-
SHA256
99da4d4cc09dffe76b5b74fddbb21450d12ca6aca5a37c67f46016c29f5df26b
-
SHA512
15d7af628bbcfe66208ed4103b9ece065e74e1f19dc6e4d0894e7f1e0e99b3b1c6c4df0f761a88b7725439e299e563888c331f2aa1f00336693b0c8be3fe3bce
-
SSDEEP
12288:XBdlwHRn+WlYV+9JaDrbQq/Quey0QiiJfpN9rm/D:XBkVdlYA/a3E6nDfV0D
Score10/10-
Discord RAT
A RAT written in C# using Discord as a C2.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Legitimate hosting services abused for malware hosting/C2
-