General

  • Target

    Client-built.exe

  • Size

    78KB

  • Sample

    240914-gdatjsygkn

  • MD5

    359b751183be791b8100184be2351d25

  • SHA1

    8285d52626a0a00cdb151e5d5cf886b5aabbac4f

  • SHA256

    bc40be55d7b2175ad80815a48393a70194f098dd21ad4a58698def7263bef1e9

  • SHA512

    39506524d9b655f463839f7f1f2df28bfe6682b7ae4a2b02193484034253da9b3b5a41da244e4227ea7cc78e0cc26f20495a4cd54d82ec77f370722ec54c18e2

  • SSDEEP

    1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+vPIC:5Zv5PDwbjNrmAE+XIC

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTI4NDM4Mjk4NjYwNjg3NDcxNQ.GBnQgE.biTUCOhcaVlARgGjw53Ro9xzBlPffuvWyh7lBc

  • server_id

    1284378215447658516

Targets

    • Discord RAT

      A RAT written in C# using Discord as a C2.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Legitimate hosting services abused for malware hosting/C2
