Resubmissions

23-10-2024 16:29

241023-tzm28asakn 10

21-10-2024 19:30

241021-x7rl6asbqa 10

General

  • Target

    ddos.bat

  • Size

    1KB

  • Sample

    241023-tzm28asakn

  • MD5

    15ee8aecfc89d8bed8f362cb46e4b8bb

  • SHA1

    c39b884897d73006daa07d29264670d181835624

  • SHA256

    7af1c25851ef3f66cbca82540d35470de8a364a469d00a013891bd211f56e082

  • SHA512

    553a78c7e82669145767747c287244c2e253a938f7379feaf71425e5f4eeedc612157f812d7d723c3edc57d6f534f152714f173e3b10e55331b16b8f741a3b66

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTI5Njg5NDEwMjY0NTkwMzQwMA.GffxcT.wWuk4gdi5T-RNzCLfFQ4XgAEMO4ZjpXcRu5E5Y

  • server_id

    1293738586679672945

Targets

    • Target

      ddos.bat

    • Discord RAT

      A RAT written in C# using Discord as a C2.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run PowerShell and hide display window.

    • Deletes itself

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks