General
-
Target
Kinito_horror.exe
-
Size
536KB
-
Sample
240521-njy7nabh29
-
MD5
ad96c8a2754e9842815afb1cfdb13581
-
SHA1
422d8a2a47975ca27ae9824a99e438d4e28ece68
-
SHA256
76629cc6ae5d1de771cf074cee28eb1b7e5ce236061a19f76fee039ac8f4d81d
-
SHA512
f4250022659705cb7e75530af1ec64f732942bc3db305d5e3e716eda61cfd8308ee2ca0d89b499696b8e7e2bdf8edae7b1e87387dfdc8dcd210eb9485efb70a8
-
SSDEEP
12288:fyveQB/fTHIGaPkKEYzURNA/bAg81p46UKXZlyyijD:fuDXTIGaPhEYzUzATqnxXRijD
Malware Config
Extracted
discordrat
-
discord_token
MTI0MDA4ODk5MTQwODE5MzYyOA.GRW5NI.uFPBjoMjH0IQ-FgxpiJSv246Xes3LsI1_5H1Y8
-
server_id
1239434854953648229
Targets
-
-
Target
Kinito_horror.exe
-
Size
536KB
-
MD5
ad96c8a2754e9842815afb1cfdb13581
-
SHA1
422d8a2a47975ca27ae9824a99e438d4e28ece68
-
SHA256
76629cc6ae5d1de771cf074cee28eb1b7e5ce236061a19f76fee039ac8f4d81d
-
SHA512
f4250022659705cb7e75530af1ec64f732942bc3db305d5e3e716eda61cfd8308ee2ca0d89b499696b8e7e2bdf8edae7b1e87387dfdc8dcd210eb9485efb70a8
-
SSDEEP
12288:fyveQB/fTHIGaPkKEYzURNA/bAg81p46UKXZlyyijD:fuDXTIGaPhEYzUzATqnxXRijD
Score10/10-
Discord RAT
A RAT written in C# using Discord as a C2.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-