General

  • Target

    e9cbd277fa5fd638db41d08e9ee3ee57b485b03f9510c67b468b18144aa3b73b

  • Size

    136KB

  • Sample

    241030-xp7kna1khl

  • MD5

    ccfe6496defc4d7c67118ecdc40f8f56

  • SHA1

    5758d57fb03f5a5a3eb65ebd447020460c0f34ea

  • SHA256

    e9cbd277fa5fd638db41d08e9ee3ee57b485b03f9510c67b468b18144aa3b73b

  • SHA512

    1ff975dd14f60bc6f35a5cfad5860019b185d4e589c0c9deea2db7bc44786b4f02a856e49369717160ce496fa14ebb5e77fe257d92589c9614461b230c80f1ed

  • SSDEEP

    3072:FRISRU5vzkqB9avktNlHZuKHlbe/O88kgHPYpaDx/V8cXciuTY:52bkqBU4NlMYzPYwv8cXYTY

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTMwMTA3ODQ3NjIyNDIwMDcwNQ.GG4U5v.q6f5p3v4QsFIwJGxfFjOIPRWeaaZORXwdiclGc

  • server_id

    1300782121828356126

Targets

    • Target

      wise logo.‮gnp.exe

    • Size

      231KB

    • MD5

      1c896967e6be98ae74b73609217b6114

    • SHA1

      fa667922c64647c9a7c750e22b9073ab85f84e6e

    • SHA256

      96ffcd21b01c69b09029c9e4e70a2d6471ebbc4a2ed81478a5846083a4228aae

    • SHA512

      08bfc53c47fe6574290b86633632c1efcd42cda7eba6378b3882786d54bd89d3794939fc03b87b8d315c6a55b19d5af6471331f5019a5f42d287d930ee09cd74

    • SSDEEP

      6144:ea4InuJg58BkgqPoDH49n8Bb/cTOUXt8Wa:eat0EAH49n8BlUXyP

    • Discord RAT

      A RAT written in C# using Discord as a C2.

    • Discordrat family

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks