General
-
Target
ScaryKart.exe
-
Size
551KB
-
Sample
240717-fjrhtawfrn
-
MD5
eb08107e08a2536292902db8cc97d722
-
SHA1
ec62cc7d5a90db160195f473495ec9e5c102d60b
-
SHA256
8babcf505f2bf387850280c73ba6e2b3cd950b0383047841ac109f479a288c6e
-
SHA512
89999cfa54fa033b6e03b7b407ee296cb7b7fd9e834e55210c83085b934e7b07f063bfb359fa7e84563e7473fbd4dca4e1c09f44163aca0e9dad337a2fb66f12
-
SSDEEP
12288:5hqxSLo5C1Ps4XhitX+t4983sMbK93vC2Td6FtJ/TL:5HLmCiIhiX483vC+mtJv
Malware Config
Extracted
discordrat
-
discord_token
MTI1MzI3OTgwMTIzODg4MDI4OQ.GRYisY.MCX3PxYFEDjNe8KMtaXisef9H7jEZywLNsHvs0
-
server_id
1253280184275173377
Targets
-
-
Target
ScaryKart.exe
-
Size
551KB
-
MD5
eb08107e08a2536292902db8cc97d722
-
SHA1
ec62cc7d5a90db160195f473495ec9e5c102d60b
-
SHA256
8babcf505f2bf387850280c73ba6e2b3cd950b0383047841ac109f479a288c6e
-
SHA512
89999cfa54fa033b6e03b7b407ee296cb7b7fd9e834e55210c83085b934e7b07f063bfb359fa7e84563e7473fbd4dca4e1c09f44163aca0e9dad337a2fb66f12
-
SSDEEP
12288:5hqxSLo5C1Ps4XhitX+t4983sMbK93vC2Td6FtJ/TL:5HLmCiIhiX483vC+mtJv
Score10/10-
Discord RAT
A RAT written in C# using Discord as a C2.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-