General

  • Target

    Google Chrome.exe

  • Size

    492KB

  • Sample

    240526-byb98aaf93

  • MD5

    d3ebb8649264196a80f589dcf0c97f9b

  • SHA1

    4bbeef7c604629c5cce710ff78dd1c032dc67fc5

  • SHA256

    9d0e13b30050899624473e710d44cb372a881a38d2802cc6c0ea2e2f54580689

  • SHA512

    fcb8dd306b96ff2cd6c13cd9dcd70330efd2d2cab63548b1089fa207b0249603b8f45f5f2c50755db2a7d877774a7497c2303fc9ab5150529fcf6a24e7f1f9b6

  • SSDEEP

    12288:2CQjgAtAHM+vetZxF5EWry8AJGy0khGPyJm:25ZWs+OZVEWry8AFtGPZ

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTI0NDA5NTY1ODUwNDM1OTk3Ng.GTDu8V.pnAIDXNTNWIQchltJK15s3stoHuo5RxHsi9AYg

  • server_id

    1244095541626015796

Targets

    • Target

      Google Chrome.exe

    • Size

      492KB

    • MD5

      d3ebb8649264196a80f589dcf0c97f9b

    • SHA1

      4bbeef7c604629c5cce710ff78dd1c032dc67fc5

    • SHA256

      9d0e13b30050899624473e710d44cb372a881a38d2802cc6c0ea2e2f54580689

    • SHA512

      fcb8dd306b96ff2cd6c13cd9dcd70330efd2d2cab63548b1089fa207b0249603b8f45f5f2c50755db2a7d877774a7497c2303fc9ab5150529fcf6a24e7f1f9b6

    • SSDEEP

      12288:2CQjgAtAHM+vetZxF5EWry8AJGy0khGPyJm:25ZWs+OZVEWry8AFtGPZ

    • Discord RAT

      A RAT written in C# using Discord as a C2.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks