General
-
Target
a08c834c29d0d8f5f314a03f13775f4a5cd10537698551b4a74805eff7e45254
-
Size
724KB
-
Sample
241012-hznszazbjg
-
MD5
ac3ef2f121a0395e07e294763f4897f4
-
SHA1
8e7d7022aba6b6a5909d9d9ac04ed1951f7f1ca6
-
SHA256
a08c834c29d0d8f5f314a03f13775f4a5cd10537698551b4a74805eff7e45254
-
SHA512
14f68dd0e78b4e55d86787b3bbc3d334c61d0156602fffd79f441285a63b2fffbe7ea24c02d74f1cd62e1017d821c3bae0ac064e8b6653dc1c501d9067a117c1
-
SSDEEP
12288:kyveQB/fTHIGaPkKEYzURNAwbAg8bxF04VsyDXmCfp6Ah+lcy/HQRMm8:kuDXTIGaPhEYzUzA0qUry7mCfp9h+lbH
Malware Config
Extracted
discordrat
-
discord_token
MTI5NDUyNDAwNzYwOTAwODEyOQ.GCjW8M.SxCGlpfPNu5sW0K9sgiNhPHPY1UaaaQWEqijfk
-
server_id
1294532251186364457
Targets
-
-
Target
a08c834c29d0d8f5f314a03f13775f4a5cd10537698551b4a74805eff7e45254
-
Size
724KB
-
MD5
ac3ef2f121a0395e07e294763f4897f4
-
SHA1
8e7d7022aba6b6a5909d9d9ac04ed1951f7f1ca6
-
SHA256
a08c834c29d0d8f5f314a03f13775f4a5cd10537698551b4a74805eff7e45254
-
SHA512
14f68dd0e78b4e55d86787b3bbc3d334c61d0156602fffd79f441285a63b2fffbe7ea24c02d74f1cd62e1017d821c3bae0ac064e8b6653dc1c501d9067a117c1
-
SSDEEP
12288:kyveQB/fTHIGaPkKEYzURNAwbAg8bxF04VsyDXmCfp6Ah+lcy/HQRMm8:kuDXTIGaPhEYzUzA0qUry7mCfp9h+lbH
Score10/10-
Discord RAT
A RAT written in C# using Discord as a C2.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-