General
-
Target
720f911303c85d3a7aa374a01d3d926d8db0cf4981971fb80651a3e1b021114f
-
Size
456KB
-
Sample
240529-hdw78aed92
-
MD5
b1dd06c7737e0f8d7b2b390aa99e7900
-
SHA1
02e3374698f22818cb73b6736e197aa041ea2506
-
SHA256
720f911303c85d3a7aa374a01d3d926d8db0cf4981971fb80651a3e1b021114f
-
SHA512
2156784311f9f8114d6729dd3433dbd1951d13bdc3a89273686039c7a18d626bb7c267dcd459e2c9d6b44065085ae2faeeceb9efa691b8930b972a81a049211d
-
SSDEEP
6144:JE+yclwQKjdn+WPtYVJIoBfORi4ImOkMhU1YIG/:JBdlwHRn+WlYV+3RojRU1Y7
Static task
static1
Behavioral task
behavioral1
Sample
720f911303c85d3a7aa374a01d3d926d8db0cf4981971fb80651a3e1b021114f.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
720f911303c85d3a7aa374a01d3d926d8db0cf4981971fb80651a3e1b021114f.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
discordrat
-
discord_token
MTI0MzA2Nzk5NzQ4NTI3MzE3Mg.G6piH7.kZKxc7d4uXnq1WYJp43XerNKVtE4_zPhSDbgkM
-
server_id
1243088293344841749
Targets
Target
720f911303c85d3a7aa374a01d3d926d8db0cf4981971fb80651a3e1b021114f
Score
10/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-