General

  • Target

    Dog.exe.exe

  • Size

    856KB

  • Sample

    241123-d7zszstmem

  • MD5

    6ef38551bf3cc30999def9436bb4b3bc

  • SHA1

    5276746250c405cccc05223efb6a5310da176369

  • SHA256

    244a73e853d1e90dd78423fe0bc098e9623b9c875b28fdf84ae18bbdd81ecfd3

  • SHA512

    2e978a64af603d84b506d375bfaf29a5cbc1a615a8184050bf36e44fce283919be39bf0c12d551848989a147a77d2614e845f7e73ad1583bf1d2cb1057fe3067

  • SSDEEP

    12288:syveQB/fTHIGaPkKEYzURNAwbAgFp+r/aQLEc50eBPrabPo9/ToGOLK7B:suDXTIGaPhEYzUzA0nk5NTazw/ToGOLg

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTMwOTAwNDI2MDkzNTIwOTAwMg.G34c8h.6Zg2Y0V10sZUSneIGxEx-JKksXx1gmubJztk3w

  • server_id

    1300826072195006494

Targets

    • Target

      Dog.exe.exe

    • Discord RAT

      A RAT written in C# using Discord as a C2.

    • Discordrat family

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Legitimate hosting services abused for malware hosting/C2
