General
-
Target
RobloxAdminPanelNewLeakedgpj.exe
-
Size
376KB
-
Sample
240605-wjzgesee35
-
MD5
211bd65a74765df0e85a8eedbc2e98c2
-
SHA1
d68318a9a00483d49f34d5a3573cf981308aa31f
-
SHA256
56c4d335ac7734b3fcc93e70dc43216d571cfd52117ebda2dd5dae7d070a5d9c
-
SHA512
0ef222608495c1eefb4a786663542c73c9c3a5160e7b73e678a0bdbea9824985ab4bd4d3f64fa0cb8a71b89c7e07f378a45851d79318b6f523f41fa61a58ebc7
-
SSDEEP
6144:PE+yclwQKjdn+WPtYVJIoBfYrkhFR1ahrG5/+ZErz:PBdlwHRn+WlYV+5rkhFR18rG5H
Static task
static1
Behavioral task
behavioral1
Sample
RobloxAdminPanelNewLeakedgpj.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
RobloxAdminPanelNewLeakedgpj.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
discordrat
-
discord_token
MTI0NzYwNjA2ODE3NTk2MjEzMw.G3Bv2h.Oi-mmhg6ZK_uTFZKjQiDOwr-wcEm-Hq0xizKtQ
-
server_id
1247606720864321577
Targets
-
-
Target
RobloxAdminPanelNewLeakedgpj.exe
-
Score
10/10
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-