General

  • Target

    MALWARE DONT RUN.exe

  • Size

    78KB

  • Sample

    241217-tvj5rsspgw

  • MD5

    67ecf78171011aafa55ad542aeb446f4

  • SHA1

    f63949d3ea62224cf4dfbbad9c7366ce5662ad77

  • SHA256

    68a982b3a4546c50b7cbf49ae97e9ad5b34340331131e342ebf8663ad7ca94f5

  • SHA512

    aa4e5e31a99af901e06b7f253e05b598691ad9e867c3c34a4c2ea0f936cdc4964f6982ff4aa27c546666f5345e4ee2ae521ef0e2483c4371ee28ad481632fcb4

  • SSDEEP

    1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+FPIC:5Zv5PDwbjNrmAE+VIC

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTMxODMxNzY5MjIwNTI2OTA0Mw.GJ6Gzb.6ahR4c80H2mceTshl9pACIQdGhJ4AEZIOye_x0

  • server_id

    1317445742540882003

Targets

    • Target

      MALWARE DONT RUN.exe

    • Size

      78KB

    • MD5

      67ecf78171011aafa55ad542aeb446f4

    • SHA1

      f63949d3ea62224cf4dfbbad9c7366ce5662ad77

    • SHA256

      68a982b3a4546c50b7cbf49ae97e9ad5b34340331131e342ebf8663ad7ca94f5

    • SHA512

      aa4e5e31a99af901e06b7f253e05b598691ad9e867c3c34a4c2ea0f936cdc4964f6982ff4aa27c546666f5345e4ee2ae521ef0e2483c4371ee28ad481632fcb4

    • SSDEEP

      1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+FPIC:5Zv5PDwbjNrmAE+VIC

    • Discord RAT

      A RAT written in C# using Discord as a C2.

    • Discordrat family

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks