General
-
Target
f58c9b8767ce04b32e3cbe7268c80921dafcbf8c8e5bf9d81a4b3eafc0647cb4
-
Size
476KB
-
Sample
241019-cvvg3atdqp
-
MD5
23c3f2c8794f05b832c82f72258ba38a
-
SHA1
6d26d5bbe68f6908f5f43aa448238fd135d7bd93
-
SHA256
f58c9b8767ce04b32e3cbe7268c80921dafcbf8c8e5bf9d81a4b3eafc0647cb4
-
SHA512
87236ab4eeb9dfcabb28fce2708d02ef13550dccf488348907ee8764e47bf527cb8fb825bcf5152db25b621a53be6ef48d9ea11702e53c5bc32e5369edf2aafa
-
SSDEEP
12288:xCQjgAtAHM+vetZxF5EWry8AJGy0ObZh2IJBx:x5ZWs+OZVEWry8AF5b24
Malware Config
Extracted
discordrat
-
discord_token
MTI5NjYzNjQ4OTQ0NjE5OTQwOA.GEhciD.QzYUmAgRRkM4btANs6IF2LW4kGU-L42O5YO-Cs
-
server_id
1296636393107488851
Targets
-
-
Target
f58c9b8767ce04b32e3cbe7268c80921dafcbf8c8e5bf9d81a4b3eafc0647cb4
-
Size
476KB
-
MD5
23c3f2c8794f05b832c82f72258ba38a
-
SHA1
6d26d5bbe68f6908f5f43aa448238fd135d7bd93
-
SHA256
f58c9b8767ce04b32e3cbe7268c80921dafcbf8c8e5bf9d81a4b3eafc0647cb4
-
SHA512
87236ab4eeb9dfcabb28fce2708d02ef13550dccf488348907ee8764e47bf527cb8fb825bcf5152db25b621a53be6ef48d9ea11702e53c5bc32e5369edf2aafa
-
SSDEEP
12288:xCQjgAtAHM+vetZxF5EWry8AJGy0ObZh2IJBx:x5ZWs+OZVEWry8AF5b24
Score10/10-
Discord RAT
A RAT written in C# using Discord as a C2.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-