General
-
Target
b98c0a7983a1a8e77aa68304db614debd63e71f2e441d0298e378606c9517aae
-
Size
1.1MB
-
Sample
241213-z23hksymfx
-
MD5
68de2c63489575fdc69209c48f03e373
-
SHA1
3bf66befd008ad1a8876d6683f67648a01688a07
-
SHA256
b98c0a7983a1a8e77aa68304db614debd63e71f2e441d0298e378606c9517aae
-
SHA512
77c2952c34efbae2923ddca8de26859a3d0481ee1b393cdb58a96ffa9c8d5e47272f5c27a46e91671c7606c502843d0ac229bca228d3d3abf690833da6ed8ace
-
SSDEEP
24576:AuDXTIGaPhEYzUzA0P/+f7+EsQdWwUUcLs1bwvZ/Hxa3kNGUpD:vDjlabwz9P/+fvxjcCbE/gxUpD
Malware Config
Extracted
discordrat
-
discord_token
MTMxNzIwMTkyNjY1MTI1Mjc5Ng.GGmA9C.Umk50Kx-pwR-yNlFXEu7O8TF68_JH2rIJhlydY
-
server_id
1317202248664879145
Targets
-
-
Target
b98c0a7983a1a8e77aa68304db614debd63e71f2e441d0298e378606c9517aae
-
Size
1.1MB
-
MD5
68de2c63489575fdc69209c48f03e373
-
SHA1
3bf66befd008ad1a8876d6683f67648a01688a07
-
SHA256
b98c0a7983a1a8e77aa68304db614debd63e71f2e441d0298e378606c9517aae
-
SHA512
77c2952c34efbae2923ddca8de26859a3d0481ee1b393cdb58a96ffa9c8d5e47272f5c27a46e91671c7606c502843d0ac229bca228d3d3abf690833da6ed8ace
-
SSDEEP
24576:AuDXTIGaPhEYzUzA0P/+f7+EsQdWwUUcLs1bwvZ/Hxa3kNGUpD:vDjlabwz9P/+fvxjcCbE/gxUpD
Score10/10-
Discord RAT
A RAT written in C# using Discord as a C2.
-
Discordrat family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-