discordrat | 067e6715c37629155ae95e4896d31ca4d9389179482cd0b18fc1043b4e99d70b | Triage

Sharing

General

Target

240225-nqhhgsaf36_pw_infected.zip
Size

190KB
Sample

240225-qnsa1sce57
MD5

555b8fc776b5d4d42bfd164ced510f7a
SHA1

9a5c0ed275842185bed11669bccd998f458beb6a
SHA256

067e6715c37629155ae95e4896d31ca4d9389179482cd0b18fc1043b4e99d70b
SHA512

520c74c7b40ceab3f790797a6b64e4eee2c2483395151d9d0805de332fe9d7216ac16d131b1ff9231606d89e64acfd2316a199090cb88ad01706d515dc2bb55f
SSDEEP

3072:Bn9HMPJTZ2rkem1Y0ScqfRZyegYLBym+tYtqPvuE6ccg7nYX4tQycTvNogmlCLQU:EPBZ2rk7Y0ScqfM6yLnPHcgYIKvTlLQU

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTIxMDQ1NjY0ODQ1MjQxNTUwOA.Gh0y7q.0U1kmcgYc3Agu4PPdar0sgV_bW8X8ZoS9NlBm8
server_id
1210454330054807572

Targets

- Target
  
  [email protected]
- Size
  
  302KB
- MD5
  
  ee6160c1a4a92c9660402f147b560431
- SHA1
  
  045c5019a2557de570a7ffc0270d4b4939bbf855
- SHA256
  
  55897406bcc2b5c3ba05b57e97bbc69a2eb5a2941b90a2982e2d3c89d57fbfb9
- SHA512
  
  64189d777a33eedbac2979af87e196e099565b0ca53f842c74bf2826d3c11a1aeaed82823e9089ac8e28e8b0075f6333e64062c6e92ff2696ffd4b88d29ea811
- SSDEEP
  
  6144:vCGaECnpAoDO1A8dg3iTPJLMfgQZycxF+Ii:6GHCnaomAEg3uPdkgWycxF+t
Score

10^/10

discordrat persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discordratpersistenceratrootkitstealer