General
-
Target
Client-built.exe
-
Size
78KB
-
Sample
240803-nk4tja1gpm
-
MD5
dde1143427fbbe9d6cb6e7cb5b94b415
-
SHA1
02232d66ec3178c65f97ea503d3cdd7d6523f643
-
SHA256
3b69e72c8db1864fbbbc2584562f7d627c371b82337365005f50af428a6a7203
-
SHA512
4f01ad8232b2b030bd128c7f300c20485c060e103fb5de6f1392d1478fb4cccd5f660e91522f5b7f82032ce7e3f6fdb5f066da890f020e112684ff232897f2f6
-
SSDEEP
1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+dPIC:5Zv5PDwbjNrmAE+NIC
Malware Config
Extracted
discordrat
-
discord_token
MTI2OTI0OTEwMjQ5NTg3OTIyOQ.GLHhlB.ypGKkwamHbm_Ye58lhiwJG8n231holsbEjjd7g
-
server_id
1269247737208246368
Targets
-
-
Target
Client-built.exe
-
Size
78KB
-
MD5
dde1143427fbbe9d6cb6e7cb5b94b415
-
SHA1
02232d66ec3178c65f97ea503d3cdd7d6523f643
-
SHA256
3b69e72c8db1864fbbbc2584562f7d627c371b82337365005f50af428a6a7203
-
SHA512
4f01ad8232b2b030bd128c7f300c20485c060e103fb5de6f1392d1478fb4cccd5f660e91522f5b7f82032ce7e3f6fdb5f066da890f020e112684ff232897f2f6
-
SSDEEP
1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+dPIC:5Zv5PDwbjNrmAE+NIC
Score10/10-
Discord RAT
A RAT written in C# using Discord as a C2.
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Modifies system executable filetype association
-
Legitimate hosting services abused for malware hosting/C2
-
MITRE ATT&CK Enterprise v15
Persistence
Event Triggered Execution
2Change Default File Association
1Component Object Model Hijacking
1Privilege Escalation
Event Triggered Execution
2Change Default File Association
1Component Object Model Hijacking
1