General

  • Target

    Wave.exe

  • Size

    505KB

  • Sample

    240623-fmb8asvamm

  • MD5

    634012a39686513995ecbbaf04235a0a

  • SHA1

    6204df4370ed114bde2caac305f96b1954e68504

  • SHA256

    134bc640e8cc14d6c30f91407a8c812a63319072343bbf8a6bc2aaf3a902d44b

  • SHA512

    b8881eb85dc001d4c256a60dbc141592f89ffded8f90d2240c80d6af6468a34e1ac52e288170c0296cf1afe735e7ef7da6a4738adcfc253fded53c7c56ebe002

  • SSDEEP

    12288:TyveQB/fTHIGaPkKEYzURNAwbAg8ox4CA9ndmc:TuDXTIGaPhEYzUzA0qV9nkc

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTI1NDI4MDkwNjYzODc1Mzg2Mw.GB5zNE.lgu4CSBwMUVxaeb6e0u9sFYW6gLtr8IglmywhI

  • server_id

    1189676766084735048

Targets

    • Target

      Wave.exe

    • Size

      505KB

    • MD5

      634012a39686513995ecbbaf04235a0a

    • SHA1

      6204df4370ed114bde2caac305f96b1954e68504

    • SHA256

      134bc640e8cc14d6c30f91407a8c812a63319072343bbf8a6bc2aaf3a902d44b

    • SHA512

      b8881eb85dc001d4c256a60dbc141592f89ffded8f90d2240c80d6af6468a34e1ac52e288170c0296cf1afe735e7ef7da6a4738adcfc253fded53c7c56ebe002

    • SSDEEP

      12288:TyveQB/fTHIGaPkKEYzURNAwbAg8ox4CA9ndmc:TuDXTIGaPhEYzUzA0qV9nkc

    • Discord RAT

      A RAT written in C# using Discord as a C2.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks