General

  • Target

    lorogpj.exe.exe

  • Size

    267KB

  • Sample

    241219-qtdptatnbt

  • MD5

    9c8961e727c152ca6f691f787ce38897

  • SHA1

    7c60e45f98f354a417c938d35c0dc084fc2ec1c1

  • SHA256

    75aca327fc11dc2c409578d1104c8274933cccfe5ac6c674c995e64a35570587

  • SHA512

    1bdc71b6cd6feca4f1203a6d50ade4491166e87113f9c30c099097e9013f14825dd7e259e72f5866dc9f7a290a3cd0722d00ed631d106dc92b76fbd2ca0b812a

  • SSDEEP

    6144:bXhaVAhAD4U5lbVHTKa9m2tZMEtnEuLxE0w6aIdlvLhff22Qer/:bxaVAh64U5lL9m2nMEtEj0w1IdlvFffF

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTMxOTI4NTMyNjI3NTAyMjg0OA.GdpNdo.AKlmUueGdkM0K-nySfjXqoZsXhtK7dQiDHiOtk

  • server_id

    1319285142543663187

Targets

    • Target

      lorogpj.exe.exe

    • Size

      267KB

    • MD5

      9c8961e727c152ca6f691f787ce38897

    • SHA1

      7c60e45f98f354a417c938d35c0dc084fc2ec1c1

    • SHA256

      75aca327fc11dc2c409578d1104c8274933cccfe5ac6c674c995e64a35570587

    • SHA512

      1bdc71b6cd6feca4f1203a6d50ade4491166e87113f9c30c099097e9013f14825dd7e259e72f5866dc9f7a290a3cd0722d00ed631d106dc92b76fbd2ca0b812a

    • SSDEEP

      6144:bXhaVAhAD4U5lbVHTKa9m2tZMEtnEuLxE0w6aIdlvLhff22Qer/:bxaVAh64U5lL9m2nMEtEj0w1IdlvFffF

    • Discord RAT

      A RAT written in C# using Discord as a C2.

    • Discordrat family

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks