General

  • Target

    3aa84861ef170642ae22569bb67e06d522c9febb22821856f54b43a0ad6b57bcN.exe

  • Size

    506KB

  • Sample

    241216-syjgzatnfx

  • MD5

    6eba90f5160750d52ec3ad2872e256a0

  • SHA1

    09d5955fb74a80659630e574ee756c7e75a86132

  • SHA256

    3aa84861ef170642ae22569bb67e06d522c9febb22821856f54b43a0ad6b57bc

  • SHA512

    421d4c68220b76835d35aa9596efdcdbd66e0b9860c5bdd991dc998363f07d840277012eb3a13f1c371a0c7fa9ab907d7f54aa7169a9d1bb55983c3a4d0e06ef

  • SSDEEP

    12288:1BdlwHRn+WlYV+52bRidAxuv/1r2DuIgbTQU:1BkVdlYA5C5W1r2/gt

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTMxNzE0MTE2OTU1MzAxODkyMQ.Gi-FPQ.YBOfJgh9SakvtjrFPjTiLkJI0Sj7bJFKbHxWiA

  • server_id

    1295420366671315004

Targets

    • Target

      3aa84861ef170642ae22569bb67e06d522c9febb22821856f54b43a0ad6b57bcN.exe

    • Discord RAT

      A RAT written in C# using Discord as a C2.

    • Discordrat family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL
