General

  • Target

    2c995d090bde52ca3355c7dba1694b1c8678f52ea3d6d5de981c5ab0372ab747

  • Size

    663KB

  • Sample

    241011-12fjgs1ekk

  • MD5

    043e699dbf3d88b6cca5fbe64229ba27

  • SHA1

    50661d32315985eab2a70f1d1f6435b9563ca237

  • SHA256

    2c995d090bde52ca3355c7dba1694b1c8678f52ea3d6d5de981c5ab0372ab747

  • SHA512

    04f23cfa08684ce109685bf2068211731018a85bb588cff9de67faca8ecc6e3e02b150a656f91b55557e5f4a949400f90da19f8c37f5abfac034e68e4cc633c2

  • SSDEEP

    6144:3E+yclwQKjdn+WPtYVJIoBf4xX26I6DqJM1tc2uQNQ5rHbIOohWy0f:3BdlwHRn+WlYV+Rp2yEM1tc2uYXOos

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTIwNzY2MzY3MDU0MTE2MDUwOQ.Gd6pNB.ScrscETWuXpifr43j4YDLQN_-m1c2UlONmnRmo

  • server_id

    1097447165732868126

Targets

    • Target

      2c995d090bde52ca3355c7dba1694b1c8678f52ea3d6d5de981c5ab0372ab747

    • Size

      663KB

    • MD5

      043e699dbf3d88b6cca5fbe64229ba27

    • SHA1

      50661d32315985eab2a70f1d1f6435b9563ca237

    • SHA256

      2c995d090bde52ca3355c7dba1694b1c8678f52ea3d6d5de981c5ab0372ab747

    • SHA512

      04f23cfa08684ce109685bf2068211731018a85bb588cff9de67faca8ecc6e3e02b150a656f91b55557e5f4a949400f90da19f8c37f5abfac034e68e4cc633c2

    • SSDEEP

      6144:3E+yclwQKjdn+WPtYVJIoBf4xX26I6DqJM1tc2uQNQ5rHbIOohWy0f:3BdlwHRn+WlYV+Rp2yEM1tc2uYXOos

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    • Discord RAT

      A RAT written in C# using Discord as a C2.

    • Modifies security service

    • Disables Task Manager via registry modification

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

MITRE ATT&CK Enterprise v15

Tasks