General
-
Target
d5034f65d36b31997ad2e15cd0e10c72ded654c099ef307984c4da937767e4a9N.exe
-
Size
391KB
-
Sample
250201-nexg9s1qgk
-
MD5
ed019318b08c6ec18086e3d8cc8ed4a0
-
SHA1
c5b76f566ed8808d74a12766addbbb010fbe3aca
-
SHA256
d5034f65d36b31997ad2e15cd0e10c72ded654c099ef307984c4da937767e4a9
-
SHA512
dc05444db94d51bc6a9cd4479e6ffe24fcd5dc6bd551219e67d05641b47da1be0691a3ff5a557f1cd5bc9d1688b3b50fb5fcef1d23ae8def28e61c66a33206ab
-
SSDEEP
6144:7E+yclwQKjdn+WPtYVJIoBfYo/eyd8/tbrIQ7Oi9Ku:7BdlwHRn+WlYV+RVz/Nr17J
Static task
static1
Behavioral task
behavioral1
Sample
d5034f65d36b31997ad2e15cd0e10c72ded654c099ef307984c4da937767e4a9N.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
d5034f65d36b31997ad2e15cd0e10c72ded654c099ef307984c4da937767e4a9N.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
discordrat
-
discord_token
MTMxNzUwNjY0NjkzMDYyMDQ5Ng.GNBK2Y.upogfQP8BcmxvUWnTPh9TiKyGPCxMpHGHpJtR0
-
server_id
1317507198582128671
Targets
-
Target
d5034f65d36b31997ad2e15cd0e10c72ded654c099ef307984c4da937767e4a9N.exe
-
Score
10/10
-
Discordrat family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-