General

  • Target

    Ragnarok.exe

  • Size

    78KB

  • Sample

    250302-3yg91sy1ds

  • MD5

    bf8002d31967e90a398113bc232c77ad

  • SHA1

    9432d12452ce36fef7d304d1c4574b186c48e1cd

  • SHA256

    b4f98ff483f8047c2b261ac215d44ddc9a88019e18513bdfa1bc9c1676425465

  • SHA512

    0d0ad840bfe5929a656bead016654500f15320401e91aaa7d9a2692e635ecc743c562e03b91f487aff322775bb090c1e7dce175e26da582e8512ca4de4f3b4bc

  • SSDEEP

    1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+5PIC:5Zv5PDwbjNrmAE+JIC

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTM0NTUyNjkyMzAwMTg1NjA0MQ.G_NYDx.IsBdGf6aXu-iFDn6hC3HK18H7kFTA87Oi2Zne0

  • server_id

    1345519708463435947

Targets

    • Target

      Ragnarok.exe

    • Size

      78KB

    • MD5

      bf8002d31967e90a398113bc232c77ad

    • SHA1

      9432d12452ce36fef7d304d1c4574b186c48e1cd

    • SHA256

      b4f98ff483f8047c2b261ac215d44ddc9a88019e18513bdfa1bc9c1676425465

    • SHA512

      0d0ad840bfe5929a656bead016654500f15320401e91aaa7d9a2692e635ecc743c562e03b91f487aff322775bb090c1e7dce175e26da582e8512ca4de4f3b4bc

    • SSDEEP

      1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+5PIC:5Zv5PDwbjNrmAE+JIC

    • Discord RAT

      A RAT written in C# using Discord as a C2.

    • Discordrat family

    • Downloads MZ/PE file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks