General
-
Target
b04ffd94e39de8e648b97403afdb5747c453f6d20876920c2eb8d41f7453f537
-
Size
604KB
-
Sample
240522-q566hadf7x
-
MD5
5dc72471a3a544dfbd2ebd65fad3a403
-
SHA1
9d953d6402225705068713cb203a30f317f7cd31
-
SHA256
b04ffd94e39de8e648b97403afdb5747c453f6d20876920c2eb8d41f7453f537
-
SHA512
8db977c7e467caa30d260b2311a469746890c3b80f8718085e1d6d1117f2ed976a892409f6ca842c51c5ad10651f8e5dc950391fb08fb39fd7c5cdb237d6c720
-
SSDEEP
12288:TCQjgAtAHM+vetZxF5EWry8AJGy0y/DODruQ5EqwmIBet:T5ZWs+OZVEWry8AFBmDEqxIkt
Malware Config
Extracted
discordrat
-
discord_token
MTI0MjgyODA0NTYzMTQ5MjE0Nw.GaK9_b.DkeSn-Pej4eo5IcrUmOmowhbH0dXKH8vZX3FZ4
-
server_id
1242477718638170204
Targets
-
-
Target
b04ffd94e39de8e648b97403afdb5747c453f6d20876920c2eb8d41f7453f537
-
Size
604KB
-
MD5
5dc72471a3a544dfbd2ebd65fad3a403
-
SHA1
9d953d6402225705068713cb203a30f317f7cd31
-
SHA256
b04ffd94e39de8e648b97403afdb5747c453f6d20876920c2eb8d41f7453f537
-
SHA512
8db977c7e467caa30d260b2311a469746890c3b80f8718085e1d6d1117f2ed976a892409f6ca842c51c5ad10651f8e5dc950391fb08fb39fd7c5cdb237d6c720
-
SSDEEP
12288:TCQjgAtAHM+vetZxF5EWry8AJGy0y/DODruQ5EqwmIBet:T5ZWs+OZVEWry8AFBmDEqxIkt
Score10/10-
Discord RAT
A RAT written in C# using Discord as a C2.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-