General

  • Target

    Update Check.exe

  • Size

    4.2MB

  • Sample

    241013-3n3g7sshle

  • MD5

    d53d1f00ed58f99f59822c2d2d544010

  • SHA1

    0b7044e63ad051185cdfac92e23ce85af8faa9c8

  • SHA256

    58638ff7af545a8ddf3d05ec44b916de2f6e5e3a3d9ed1d9ac95c43737b3d974

  • SHA512

    4fe5428921a60bd4fdb5f91a4a0e35d6656f14071a2841a254523e04608cc89b79662b538e5f34aa157540fd87efd98a34be8bf662e2f5ed94abd85fc3f3b9e8

  • SSDEEP

    98304:SelujKJAy3ppt06bZmCOHDujxBJSjMgL3+ylLGEeU4uz1P9zz9Izjhed:SZ1yZpt06NmPjuBYAAOylLGEeRy9zz9r

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTI1OTY0MjcxOTc2OTMyOTc0NA.G7ihTo._RCPiBzL9dSbWyoWQXFjvV6wNhGpmHiAW1ckvc

  • server_id

    1292317246118559744

Targets

    • Target

      Update Check.exe

    • Size

      4.2MB

    • MD5

      d53d1f00ed58f99f59822c2d2d544010

    • SHA1

      0b7044e63ad051185cdfac92e23ce85af8faa9c8

    • SHA256

      58638ff7af545a8ddf3d05ec44b916de2f6e5e3a3d9ed1d9ac95c43737b3d974

    • SHA512

      4fe5428921a60bd4fdb5f91a4a0e35d6656f14071a2841a254523e04608cc89b79662b538e5f34aa157540fd87efd98a34be8bf662e2f5ed94abd85fc3f3b9e8

    • SSDEEP

      98304:SelujKJAy3ppt06bZmCOHDujxBJSjMgL3+ylLGEeU4uz1P9zz9Izjhed:SZ1yZpt06NmPjuBYAAOylLGEeRy9zz9r

    • Discord RAT

      A RAT written in C# using Discord as a C2.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks