General
-
Target
https://www.mediafire.com/file/lwg6n17e2ihznl3/Xapse.zip/file
-
Sample
240912-ytbjfssdkf
Score
10/10
Malware Config
Extracted
Family
discordrat
Attributes
-
discord_token
MTI4MzQ5MjYwNjQzNjcwNDQ3OA.Gcd9wS.ILqVWchScpfnGA8kl3zS2LHB2KoDmKldZhEit4
-
server_id
1283486716660940800
Targets
-
-
Target
https://www.mediafire.com/file/lwg6n17e2ihznl3/Xapse.zip/file
Score10/10-
Discord RAT
A RAT written in C# using Discord as a C2.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Blocklisted process makes network request
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2
-