General
-
Target
https://cdn.discordapp.com/attachments/1255165018316476447/1255253149036580914/Sigma.exe?ex=667c7518&is=667b2398&hm=33809d33cbb516befcb10bbf7b24b310096b724bc8b9c84c921ebdb5ad1a60e6&
-
Sample
240625-yyzf3szglc
Score
10/10
Malware Config
Extracted
Family
discordrat
Attributes
-
discord_token
MTI1NTIyMzg4MDA4NDA5OTE2Mg.GukmSG.gcxGub6ITuDxOUV3cxXT3R61bKP6OmYlr0wc7s
-
server_id
1255223797854765067
Targets
-
-
Target
https://cdn.discordapp.com/attachments/1255165018316476447/1255253149036580914/Sigma.exe?ex=667c7518&is=667b2398&hm=33809d33cbb516befcb10bbf7b24b310096b724bc8b9c84c921ebdb5ad1a60e6&
Score10/10-
Discord RAT
A RAT written in C# using Discord as a C2.
-
Disables Task Manager via registry modification
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Legitimate hosting services abused for malware hosting/C2
-
Sets desktop wallpaper using registry
-