General
-
Target
celexcudeapito.exe
-
Size
1.8MB
-
Sample
241019-ezkjrsxapd
-
MD5
7a83c409d62508be138dc3f34388a9b9
-
SHA1
aa25aa410bebe70ebc198724ee6fcdb136c5b1c3
-
SHA256
c4bca7bc159f3acc7aa640e0e0e4af9628589ee3f883b599130fa7106084e890
-
SHA512
f0847f85eaff1134a9c0f7449d29cce42a36cfded599b6e16ee82188185da97451d3f2e6fe06ce9cf04a970fe980db5d039c27f972c7b45f26e726a74c092fe8
-
SSDEEP
49152:ADjlabwz9qwXGH9WlwRkRIVI9w9S0RhFLTqKr:Aqw9MN9VIb6Lr
Static task
static1
Behavioral task
behavioral1
Sample
celexcudeapito.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral2
Sample
celexcudeapito.exe
Resource
win11-20241007-en
Malware Config
Extracted
discordrat
-
discord_token
MTI5NjYzNTE3NjA0MTk3NTgxOA.Gk_FFl.rzX6LBdObHooYXuBei4jkvA7oRi8ecnVq0nMZE
-
server_id
1297012772168667258
Targets
-
-
Target
celexcudeapito.exe
-
Score
10/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-