discordrat | d6c4395f0ae44000bacfd6e32934f039172d50b88f800e91632aa28224e49062

Sharing

Copy URL

Twitter E-mail

General

Target

RC7_Remake_V4.0.3 (1).zip
Size

12.3MB
Sample

231013-3ehfnseh7s
MD5

e0f6977c51f44fc6a1c19e30e768b82e
SHA1

c2028a769362980ab19088304982e2ad4ab59d14
SHA256

d6c4395f0ae44000bacfd6e32934f039172d50b88f800e91632aa28224e49062
SHA512

c3e7a013c1a4c7f0ac39006d2ec0384f99525a76d6ef028f74eab9fd9cd3a72360df369075c245cc19ba3cf338752a44d41e9caa0366b32101d83ad7cc0593bb
SSDEEP

393216:PfSE7Ux0r19Irz5FQY9gq0ID6IvNi4owPaYPSFw:PfSQU2r1urVCXcvNKOanw

Score

10^/10

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTEzODUwOTU4NDY5NzQwOTYwNw.GnqcvS.rCX2N6w-7YZE2LAuqXgNbKNTXYvV_RvO9gYEzQ
server_id
1138506428089368657

Targets

- Target
  
  Fluxteam_net_API.dll
- Size
  
  6.2MB
- MD5
  
  2295c5b937ea6facd25a4aed6546cd69
- SHA1
  
  d9891e3086820f4caa10d3e8e0e754672da5f505
- SHA256
  
  a0c6057548ec5f2294f16ab6cdec2bd101d23970bf7e96ee271093c1946f26ea
- SHA512
  
  5f2f51bb012c73d0f197bab866c92e38157ef2ed40041ed9f3f70bd6a5a13964156cbeabbea9902622b1f4a5369ba7c14cfb15c95c280cf8e6dd129fef75eddf
- SSDEEP
  
  196608:in1xmGmh3ySCjpRFW7bpvCwZqkaGXUc8zjPb:iIxyZpjW/pvLCPP
Score

1^/10
behavioral1 behavioral2
- Target
  
  Hovac_API.dll
- Size
  
  302KB
- MD5
  
  50632a5b835ca2c64f1d2da15775b41d
- SHA1
  
  d4f64a074ad3cede01d7d422bc5a6a97b36a46a8
- SHA256
  
  83f8d558aedf442f653264af1673c9173301ae41eb5f8cb2db2be20858101222
- SHA512
  
  d9b8313b3c6c5852254cd661e50c8bf8e4cb0698f927aefbd34491c0d1f2328154e14ba0321213490df0c5e641474d07599071afc062c9bdb712a226cb43188b
- SSDEEP
  
  6144:1xxiw0qvLJXnlUGujCtjno6itQl+REw6FMG/UHQS8PUHIRA8yVYtFm6axHU6:9kqjVnl36ud0zR/6CtQ9PUHIG8Dn6
Score

1^/10
behavioral3 behavioral4
- Target
  
  Module.dll
- Size
  
  5.6MB
- MD5
  
  456512be55e64adc06604a8ca754a4c1
- SHA1
  
  91f6ca205bec76561b34be0f8bc53882d3bac847
- SHA256
  
  906f70118cf49eb59f01981ece40b9669ee37d934482c982ae887fa0b5bbea5b
- SHA512
  
  e322c0c3a3ea5ff4d0e15458680771130b397bea9b132656710eaed706ce29fa923ff752ef5c05433fb047a356d106bbc518958d86c4be00b09db93924be819a
- SSDEEP
  
  98304:TS6C/Lx97QIj+5B2EyYkvR8/lgQ/6SRJ9vN:TaLvnvvGnF
Score

3^/10
behavioral5 behavioral6
- Target
  
  Rc7 Remake V4.0.3.exe
- Size
  
  1.8MB
- MD5
  
  e9fe08dc305ecef9d3e30387b7606449
- SHA1
  
  36bf2ff5ea70c0b39b2d130769aea4b335881217
- SHA256
  
  de659081e783bdc5529dcf792033da79266d4749368d1de30089bf8d39635ec9
- SHA512
  
  17f7d01ea90db97b4632339c17d8f0188bd7879ce2825c67b1f33036d882ac5da1294a77cf00613fbd92da3a78f116b01bcfbe59c162487720d4258140eb4cac
- SSDEEP
  
  24576:13rpuCfwthkMlFwF6OMJStMWxvS4HyQaHRt1qgKhrE7mgJW:RpuGw39lFGMJSIOyNHr6um/
Score

10^/10

discordrat persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Executes dropped EXE
- Loads dropped DLL
behavioral7 behavioral8
- Target
  
  VisualStudioTabControl.dll
- Size
  
  12KB
- MD5
  
  365be8c17e1cce92c530abaf16d4c709
- SHA1
  
  a4c1f9cf40408c42a0865806b28c7552b0ba91f0
- SHA256
  
  af6815d815f4dfa21bd7ea9c0386b18359363478adc277870cf99577d9f5bba0
- SHA512
  
  532f246fc72d9f65936eaf8dc0e77d91b3d0f5070de1f5971d889232b1905a56f1dbccf896a9ebdafe268b9b9d34a91ea78904c92fdcca440e19d77134327c5c
- SSDEEP
  
  192:ap9gZJpVFf27JZE/3FaXIDbZHs3eJ/PCYOaPlgORNQEFKfyfPatuBsboFSOIP:S9gD8IDbptJ/7Oa7RNQTfCatumboIFP
Score

1^/10
behavioral10 behavioral9
- Target
  
  discord-rpc-w32.dll
- Size
  
  289KB
- MD5
  
  a1c35901ad26a30c5b7836771b6badff
- SHA1
  
  94a57cd3452a53c209323a1ce738b9f0fb0d6087
- SHA256
  
  517240600b04d454cc5ab7b03e43c4af5a0b831fd2515f25c015a83652ad4cac
- SHA512
  
  0af73788858e85df874cc232f5d31765648ffbf53d7fdf388fc1b619f44b9ca172c3ac92c983cbeec5d22b6692cd7d3f20734c8e759fe9cf53ac2671d9c1d5e4
- SSDEEP
  
  6144:iiLsvWG766dSiKXs2Ol2JWzh0TWxwpeqN55I8pF+WVe2KN6nB/F:iiLmW8daXs2dWzx5M5I8P+WM2a6tF
Score

3^/10
behavioral11 behavioral12
- Target
  
  qdRFzx.exe
- Size
  
  13KB
- MD5
  
  570dda71a3e0e9c60465872fc5931c55
- SHA1
  
  e1e8f92739a53f9b7e32fa89969174e386427756
- SHA256
  
  a8e7f1d1fb0a4583e8adabc4c44c1cc164fdc6be00eb494aa94e714654ef3c22
- SHA512
  
  d84a25ad82f7326c826f2b35bbfc348327423cc3178c767234676a395002edf5dfd43febb57b4e1e1842ed757abb4171b920c085e4cdf32f1f3f5d0b4a36c914
- SSDEEP
  
  192:bNYAX3Fk9EGZV3kF+mmY3jjeDqIexhhdq98DSmLAjX30JS0RB1lb7piW3+:bNn1kllkF+mtPeDmxhy98Dvb9iW3
Score

3^/10
behavioral13 behavioral14
- Target
  
  scripts/(InfiniteYieldMasterSource).txt
- Size
  
  437KB
- MD5
  
  90c6a9e0d47f86bc73d34adf0cff574f
- SHA1
  
  818974d281dffbb18a7cbb903b09e0f859dd91b8
- SHA256
  
  c39b24e98376777921d970502294294286900eb22835cca906e883899167b2b5
- SHA512
  
  38d7bca0d61de90b4aa3cd301ac5ebb6f47fabb360675ec80af46340e3df3b6fefbbb1f57694ef9a5b78cbb73d28e28cbb98acc8a8ed1c26231f689db79da58c
- SSDEEP
  
  6144:Dj/ItvuFwozb08STiN4FMRST8Np82jmniXF1lik0GWC8BQPAdJyThR+u:Dj/Itvqb34hFIVSniXZR+u
Score

1^/10
behavioral15 behavioral16
- Target
  
  scripts/Aimbot 3.0.txt
- Size
  
  98KB
- MD5
  
  a026af0c23f83d6ec3ee17a4453c7dcf
- SHA1
  
  e707b0ebf1eac194e90c70767ee29a1c37e1a4a2
- SHA256
  
  81fe4c1f8cbcf06e43a347fd8c39ceef960995031ae71db385c28636dfce3ec8
- SHA512
  
  9817501504aa1b4777f8d0b10c9776d224e0aa38e9ca91a6c80d472d5b5ceafac2e507c335a2bd9959073d74912825e1361bae699404b8c3bcdd9306b85c1b79
- SSDEEP
  
  1536:3N+t5Lq6w48qJ4UJe6wyG9EeG251GX/J3GC1Zqn+MVpx2RnB:kt5L0UJe6wyG9EeG251GX/J3GC1ciVB
Score

1^/10
behavioral17 behavioral18
- Target
  
  scripts/Aimbot.txt
- Size
  
  30KB
- MD5
  
  3ea5f844c18f550a3db09193c56594e8
- SHA1
  
  389968ae4228908180ba68ecfab2ddfabeb0966b
- SHA256
  
  d33d3205288b776d977ad0047647bc8d40b83bc7d4f190f86f1011c8b417e983
- SHA512
  
  8af81e52e74950a1961ad004400140386b0ad3d49d64e9617ad12d4550a4b1699eddf8e79849a32cdbdad034f25ee535430de9bef0513758e48b29a54d52b440
- SSDEEP
  
  768:DW6T+ELiUI29j8vVwP8UkSVDYtDkYNighmLlmyEDKtpWpJ7xwrs5SwG1NBbp0Bwh:iYTEK0y
Score

1^/10
behavioral19 behavioral20
- Target
  
  scripts/CC Aimbot.txt
- Size
  
  23KB
- MD5
  
  3ab630b89a082862b82b552185ea4f84
- SHA1
  
  703658e38cb131e6e53491f437a2e7e80a19ba82
- SHA256
  
  54cba20aa0213ce83ed348763db0b17a55e4f39fbeae2ef0535ccf76b95bf622
- SHA512
  
  9c290dd73db4425643f52f5f72c9c4d55666071141f3efd696e4b757b46ebf9fc6bb964ed61f3d9e3ddcbdf4073850041a43b9df6dbf50fcace9382d875fe77b
- SSDEEP
  
  384:vP89lT07hqwp4EfExaDMluPQhKj8NTtXNKCkqJKcGfOtCZukLQKfb/eo5H+mYxsa:vP8XT07hqwp4EfExaDMluPQhKj8NTtXR
Score

1^/10
behavioral21 behavioral22
- Target
  
  scripts/Dex Explorer v2.txt
- Size
  
  632KB
- MD5
  
  317fec7c823a6ba4ad613220b587a0e8
- SHA1
  
  3884e8a9a9122e7912c76c919f20c1b9d274f505
- SHA256
  
  5573cc6f439511c5ec73b0c88af87bce49cac37475aa32da5b75b931f632a3dc
- SHA512
  
  d5adc2137051ab321197d0a2261ab991f5bf16e0271485c64b66679d863efb58191fe269fc40aa39feefd380b28d33168a6910b7ec40dedd2974e6d1d2db0bad
- SSDEEP
  
  12288:fyXiPr7Gja8LsZuN6nQRXONQDKZsjOCBkVgfgLcbVgBe28Vk9Gm1OvClEjmD1Szi:fyXiPr7Gja8LsZuN6nQRXONQDKZsjOC0
Score

1^/10
behavioral23 behavioral24
- Target
  
  scripts/Dex Explorer.txt
- Size
  
  2KB
- MD5
  
  2653a7d92c77ce2269e5d83f9276df81
- SHA1
  
  dc7789afa8887e2a2e3bf1146c2636ade1f50ec3
- SHA256
  
  9e7179b6dfc1ad3a0bd5182290bb335ccf3fd51ecfa7740b8271814a9a564f5d
- SHA512
  
  f025b189a5d31fceefb9cec270640b1f63552500657704833b68cd7820bb1c98abc33c8c2976d09b927ecfb2ac30f22c6b51da89d8c186093fc10fdc28d177c2
Score

1^/10
behavioral25 behavioral26
- Target
  
  scripts/FE Insane Animations R6 .txt
- Size
  
  17KB
- MD5
  
  44efe65c00e43fdf16bc3def6443d861
- SHA1
  
  d1e036f9c68092f1103519b90b32ad7fe13b0b06
- SHA256
  
  ab06c7d68a025beeb3de57880339ed059a153f0cdc81add7b97edbe446f46e76
- SHA512
  
  83f4d383de7a90e1a67ef962212d5f9b7cd823d9d928e34da7d67fc34265bca0065b420e3cc26b9406f93c79af712d73361caf9cb36340da11c0114de6fdc2e2
- SSDEEP
  
  192:AqIp4I58demqlZGnAXO9mj97ImkmAzfMDxaCokammLiyk2v+FREVsRJWC:Al4IEqNeBjMDxaCo17Lt9GRrR9
Score

1^/10
behavioral27 behavioral28
- Target
  
  scripts/FE R6.txt
- Size
  
  43KB
- MD5
  
  96295e52182609768e9a0dd5b1007e08
- SHA1
  
  e5713c1575f27f831ad126517d15f3dae81b865c
- SHA256
  
  c35d2416bfdf84dffa6fe6667a3b7ba2df89347cba21567162fa54cfc5342c4a
- SHA512
  
  3ba1e934d1e66e032f7c537ed7a3d5f16cd4c9fa7b85d1176462f53b082cde5930dbf692d3b6c1f80cfbc99809212660a0106f220490d603eaa903d2e8551d14
- SSDEEP
  
  768:W6jCOHMFSSOiSZue355HQjtAL3lQf0NXTtyMjlPewO7j3B07X6g2UokYSZo8tHKn:/s1iNTlPewO7j3B0L6rUOSXVQWHRXRDG
Score

1^/10
behavioral29 behavioral30
- Target
  
  scripts/FE snake hats.txt
- Size
  
  10KB
- MD5
  
  c025b479d2892fac2d3a464b9492be9c
- SHA1
  
  fc815e2cc74ff3ade614a9ff97db9050066266d1
- SHA256
  
  325d72340f3e20cf04bbdd2616319156b01b07bfb2f5e7e08bac9e35b05d29bc
- SHA512
  
  6c6f6bb73c32003650f67071bb7cd0cd56c3e6892f07cb5b697dbc10d4fee0d21d03e4a408ebd0f7a3424260b6f42ea0315035465935605201d09a29fc5611b7
- SSDEEP
  
  96:VmMUHdxT8HI23EjfyNCNdzNxMf9Y7gTVXJws16hN+Ss+cX4AIYwCa0AlODl3N0OP:AxKEjfvZxLgvp16Nrg4AIYxDl3SOP
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Discord RAT

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32