Resubmissions

04/03/2025, 16:36

250304-t4hcjavry8 4

04/03/2025, 16:25

250304-twxr9avtbv 6

04/03/2025, 15:38

250304-s3h21avjt7 10

04/03/2025, 15:35

250304-s1s47atrz7 4

04/03/2025, 15:32

250304-sysewatvb1 4

General

  • Target

    nezur-faking-unc-v0-9bo7ts6at0od1.webp

  • Size

    176KB

  • Sample

    250304-s3h21avjt7

  • MD5

    d444757770ebee84843f2922c430a3b5

  • SHA1

    ae36d68db168d69bfe90fb22f703b638070b7d8d

  • SHA256

    20be8d6207184dfd8d235813a15943d41c17434c5ba8d044f182161dca2b33a2

  • SHA512

    a242ab595865991219f8e82a1d1d4c5d01d71a308a8e4ddc4b3746cd199f7890c1c283ba9c815977938a474046d089c05b4490e5323c225d8412f0340418d314

  • SSDEEP

    3072:8ihYfiRKLglPj0xMczOFm2HYyEOEvnYONFs8jNDGCsekDyJNO3:Vh67glPj06KOFFHYyEpnLNZBrhA

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTM0NDIzODgzMTUzMjExODA3Nw.GlXiSY.z6upbo0NihUT0_wVluygB2oHiMojktYarODkqM

  • server_id

    1343168794809339964

Targets

    • Discord RAT

      A RAT written in C# using Discord as a C2.

    • Discordrat family

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Drops desktop.ini file(s)

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks