Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://cdn.discorda...

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    https://cdn.discordapp.com/attachments/1255165018316476447/1255253149036580914/Sigma.exe?ex=667c7518&is=667b2398&hm=33809d33cbb516befcb10bbf7b24b310096b724bc8b9c84c921ebdb5ad1a60e6&

  • Sample

    240625-yyzf3szglc

Score
10/10
discordratevasionpersistenceransomwareratrootkitspywarestealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTI1NTIyMzg4MDA4NDA5OTE2Mg.GukmSG.gcxGub6ITuDxOUV3cxXT3R61bKP6OmYlr0wc7s

  • server_id

    1255223797854765067

Targets

    • Target

      https://cdn.discordapp.com/attachments/1255165018316476447/1255253149036580914/Sigma.exe?ex=667c7518&is=667b2398&hm=33809d33cbb516befcb10bbf7b24b310096b724bc8b9c84c921ebdb5ad1a60e6&

    Score
    10/10
    discordratevasionpersistenceransomwareratrootkitspywarestealer

    • Discord RAT

      A RAT written in C# using Discord as a C2.

      stealerrootkitratpersistencediscordrat

    • Disables Task Manager via registry modification

      evasion

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Legitimate hosting services abused for malware hosting/C2

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks