General
-
Target
a3402ffe42ea57750ad44efb32044bcd39c170681bac3ad035ef8d0d31659132
-
Size
543KB
-
Sample
240526-nhs91sge5x
-
MD5
a314b9e0e9d1559ba8cea4ab45070cb5
-
SHA1
071b321edc8f6429cf2706c697feafaa2a256604
-
SHA256
a3402ffe42ea57750ad44efb32044bcd39c170681bac3ad035ef8d0d31659132
-
SHA512
1045d4a2649b2ce63acd3c08357e1622f6aff05bdf051b86f68d08540c7a12cfd7ced554789fcacc72022d691d84375a60bbca5cfeaf2e1d07cdc28da66b12ef
-
SSDEEP
12288:ftH5NLaAdDhAAEIFDf4iNzSHtonu8qi4c+J0/t35X:ftH5sAdXEIFDJNzSHWqi4fJ01F
Static task
static1
Behavioral task
behavioral1
Sample
a3402ffe42ea57750ad44efb32044bcd39c170681bac3ad035ef8d0d31659132.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
a3402ffe42ea57750ad44efb32044bcd39c170681bac3ad035ef8d0d31659132.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
discordrat
-
discord_token
MTI0NDE5MDQ0Njk4OTYwNjkyMg.GKKSv3.QM0nX8HsEIYXvPn3-i6tD_jy99bQ-bFdZIMzN0
-
server_id
1244191426804322336
Targets
-
-
Target
a3402ffe42ea57750ad44efb32044bcd39c170681bac3ad035ef8d0d31659132
-
Size
543KB
-
Score
10/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-