General
Target: Client-built.exe
Size: 78KB
Sample: 240603-amzqpsdf63
MD5: ceb3b62b890805b633f724c338eddc05
SHA1: f9b8afc1b41ffcd333b9e1ae7277add091b02778
SHA256: b09fb462e22927fdfe5c96f4b747bbfaabcc56fd1f54bd7dd2cdc4e2a0f53b09
SHA512: 5a6511c7f88b9b29cf35994f87a0046edac6f541222f046ed7e1195a0b8e3008d9fe2b48eb3882787a1be437f4a758f665a31a72c4375444e122369754bbc5b0
SSDEEP: 1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+2PIC:5Zv5PDwbjNrmAE+yIC
Behavioral task
Task: behavioral1
Sample: Client-built.exe
Resource: win11-20240508-en
Malware Config
Extracted
Family: discordrat
discord_token: MTI0NjYyNzA2ODc4ODA4NDc0Ng.Gn4uSB.1JK83gJAQgSND4dClwEWyTVChF5vXDczFrGz0w
server_id: 1246627631135461376
Targets
Target: Client-built.exe
Score: 10/10
Executes dropped EXE
Loads dropped DLL
Modifies system executable filetype association
Registers COM server for autorun
Adds Run key to start application
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
Drops desktop.ini file(s)
Legitimate hosting services abused for malware hosting/C2
Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (2)
  Registry Run Keys / Startup Folder (2)
Event Triggered Execution (1)
  Change Default File Association (1)