General

  • Target

    file

  • Size

    312KB

  • Sample

    240702-xc64csygpp

  • MD5

    a85e8c872d3bd4a0d870d0ace8ac55af

  • SHA1

    88c7c98e1e815678c2c3301bde54652da17e2962

  • SHA256

    66d1b7730d226aeea411fedb685fd3ce9c4e5cdd11d7367db4abc0ec5c625ea0

  • SHA512

    6358fa1395c27784e0622b52e681eacf736467afa6b6f3a98cc05ea5845cfeaee30699b789c8ffef44a562500b52c055f16fca0fe887f6d30c33c80ee58b9613

  • SSDEEP

    3072:6ipgAkHnjPIQ6KSEc/iHfPaW+LN7DxRLlzglKnViNk:TgAkHnjPIQBSEz/PCN7jBnViNk

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTI1Njk2MTU3MDM0MTI2MTM0Mw.G2jsSE.fwfDhga89T38Vkr6KKPeUy8EFRSYPByb0GnYBY

  • server_id

    1256961368641372210

Targets

    • Discord RAT

      A RAT written in C# using Discord as a C2.

    • Enumerates VirtualBox DLL files

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2
