General
-
Target
Client-built.zip
-
Size
28KB
-
Sample
240703-x6gessthpm
-
MD5
15986d49da966669e241d6a9c8950ac0
-
SHA1
7f6a6e8ee66937626e0514d8c1a0736629934fc2
-
SHA256
1b7436c39f931d8118c2180cd499f0de6ebe5a061c45a34425ca652471617864
-
SHA512
c1f9982792708343f9dcf8a9ff45d03d037d01365646e7fcb5e9bdd96c7826b75dd0bc7a890409bb114947e87ab3e4ab96289db86109c3e1213fe34e43d69d48
-
SSDEEP
768:Q+5lz6yZDgr9OtA8dozFbWvwQ0THkEH5DrL+:3d2rvrQexo
Malware Config
Extracted
discordrat
-
discord_token
MTI0NzYyMjc1MDMwNzA5NDYwOQ.G75kCj.oUUW-eN7iy9fOSU_z7eZ2sZU33L8Wqa1p6jziw
-
server_id
1247622541909164062
Targets
-
-
Target
Client-built.exe
-
Size
78KB
-
MD5
702e3d2fe467271a3e3f892bfe309cc4
-
SHA1
48694b9e4bd02a1e7c0c68b09cfa3952913f6113
-
SHA256
bb5c3700d7aed3cf8da3e655577f36bd8662566312488cf85035bd310c50f6cb
-
SHA512
0e9e3f0ec6cfe3cff8bbff5dda0ffcf562cfce804552a16e2f2e2ae3897d9c793256ee9196cff4282c467f5ab6758095f69a3dd293a3608f8665968efe49f6ed
-
SSDEEP
1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+rPIC:5Zv5PDwbjNrmAE+DIC
Score10/10-
Discord RAT
A RAT written in C# using Discord as a C2.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Downloads MZ/PE file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-