General
Target: cbeb080ac0d3c78fe7ee2d56249f46f3ff74e3c114337f6bc5557951e4c46bd0
Size: 588KB
Sample: 241217-krydjswpfl
MD5: 1cc6d8b0062bd2cba1276ed67bf35c06
SHA1: f5fe59b1380d6d2b96d6abd92b27db0d19b92d17
SHA256: cbeb080ac0d3c78fe7ee2d56249f46f3ff74e3c114337f6bc5557951e4c46bd0
SHA512: 22da4edd15adb6c73abcc15afe732b7423521cfb1dff1980258bcd7a11a9343a9dce248222d3fa280ae521f5e72beb13f2c19be91c9b54cc86124b006550ae6d
SSDEEP: 12288:ayveQB/fTHIGaPkKEYzURNAwbAg8gGQL0mSCcjTIVWdHr7:auDXTIGaPhEYzUzA0qv40mU0VYHr7
Static task: static1
Behavioral task: behavioral1
Sample: cbeb080ac0d3c78fe7ee2d56249f46f3ff74e3c114337f6bc5557951e4c46bd0.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: cbeb080ac0d3c78fe7ee2d56249f46f3ff74e3c114337f6bc5557951e4c46bd0.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
discordrat
discord_token: MTMxODE4MTE0OTg3NjQyNDc3Nw.GQG8E9.nJeLLo161XgHRqOZobXXNSZwDQZ2I4osCosf_4
server_id: 1318182170891911208
Targets
Target: cbeb080ac0d3c78fe7ee2d56249f46f3ff74e3c114337f6bc5557951e4c46bd0
Score: 10/10
- Discordrat family
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2