General
Target: image.exe
Size: 78KB
Sample: 241020-bnhdgsscnp
MD5: a508c8373bf5c147a4509f6a030610f3
SHA1: c0b086a6e387c4d84f5661b9d79d3b1c87c27011
SHA256: c2ea962a324fc25a5702fbea1bbc613ac986a2e718211a539caf6b06a39a0933
SHA512: 8d2be2cb8e84e96327a0cff62d234a870d6f72ddc9aa8735c4fe0a0fb2afb7a587bc03c9e391093d23504da0042328b35ac1c53ef6cbf286f4c75a3efe8e198b
SSDEEP: 1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+RPIC:5Zv5PDwbjNrmAE+BIC
Behavioral task
behavioral1
Sample: image.exe
Resource: win11-20241007-en
Malware Config
Extracted: discordrat
discord_token: MTI5NTg2NzE0MzY4MTg2Nzg2OA.GTk4Vj.43MIMngVXUw_vBG8ewsE7UIYhWX_ziblwhT734
server_id: 1295866837308801124
Targets
Target: image.exe
- Modifies Windows Firewall
- Legitimate hosting services abused for malware hosting/C2
- Sets desktop wallpaper using registry
MITRE ATT&CK Enterprise v15
Persistence
- Create or Modify System Process (1)
  - Windows Service (1)
- Event Triggered Execution (1)
  - Netsh Helper DLL (1)
Privilege Escalation
- Create or Modify System Process (1)
  - Windows Service (1)
- Event Triggered Execution (1)
  - Netsh Helper DLL (1)
Defense Evasion
- Impair Defenses (1)
  - Disable or Modify System Firewall (1)
- Modify Registry (1)