discordrat | 7dd7db99a76d644d98580fda11566edcead3edea2a72e1800b5e7afa5da3d437 | Triage

Sharing

General

Target

XLetters.dll
Size

48KB
Sample

240303-cx45aabe81
MD5

52d5cb0e123dc9080741bb05b8637703
SHA1

bc4ee154a3476f325f89c5212d7e5199e6bc691a
SHA256

7dd7db99a76d644d98580fda11566edcead3edea2a72e1800b5e7afa5da3d437
SHA512

a2462f96d4c8afdd6ea6b1ceb370ce610f3a917f0319ee4a088cc67b640c0c98c81560ec2607bfa2af4d823734db31b6024d4ae654d1bf526c1d1b0ddcadcc16
SSDEEP

768:deXjzl86AWIyvejyMjkYrB0e7Z1I6eqgFbZwIBjQSKrMc:MTzl86AWZvjMjbrBrTkFViS0

Score

10^/10

discordrat persistence ransomware rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTE5MzM5NjMyNzQzNDk0NDUzMg.GQtyFE.630ymbBowAmccfehQ9LqT14nEeJOjZV4R1iwvU
server_id
1193395247854653511

Targets

- Target
  
  XLetters.dll
- Size
  
  48KB
- MD5
  
  52d5cb0e123dc9080741bb05b8637703
- SHA1
  
  bc4ee154a3476f325f89c5212d7e5199e6bc691a
- SHA256
  
  7dd7db99a76d644d98580fda11566edcead3edea2a72e1800b5e7afa5da3d437
- SHA512
  
  a2462f96d4c8afdd6ea6b1ceb370ce610f3a917f0319ee4a088cc67b640c0c98c81560ec2607bfa2af4d823734db31b6024d4ae654d1bf526c1d1b0ddcadcc16
- SSDEEP
  
  768:deXjzl86AWIyvejyMjkYrB0e7Z1I6eqgFbZwIBjQSKrMc:MTzl86AWZvjMjbrBrTkFViS0
Score

10^/10

discordrat persistence ransomware rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Downloads MZ/PE file
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

discordratpersistenceransomwareratrootkitstealer

behavioral2