discordrat | 058e59d9eb0acb68e14ee666d6bb52d1625c220cc50f5b64c61fdb53b830b4b7 | Triage

Sharing

General

Target

Rohack.exe
Size

444KB
Sample

240312-qtxspahh8s
MD5

56b90460dae9476c5e3866167df77461
SHA1

e1d63755763329805db3a94b6c43f7cba7fbf251
SHA256

058e59d9eb0acb68e14ee666d6bb52d1625c220cc50f5b64c61fdb53b830b4b7
SHA512

8efbd604eb75a4e3f1831edcadac912cd2c61b16e996a5556a02e009f6ad459db85b57b29c08fe41865828f2d166d130e8dd36be33994e98ae6d5cb0cefa6ca0
SSDEEP

6144:iTouKrWBEu3/Z2lpGDHU3ykJrS0JjYf3S0JjYfcS5yDUL/h0O4t6K2mJS8I2I:iToPWBv/cpGrU3yAktkbLh0O62WA

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTIxNjIwNjc5NTQzMzk2NzYzNg.GohbVW.iPpB9q0RJ1G0dFKyz8lbDtS0ZkC3QiVtMrd0UE
server_id
1216207348918521936

Targets

- Target
  
  Rohack.exe
- Size
  
  444KB
- MD5
  
  56b90460dae9476c5e3866167df77461
- SHA1
  
  e1d63755763329805db3a94b6c43f7cba7fbf251
- SHA256
  
  058e59d9eb0acb68e14ee666d6bb52d1625c220cc50f5b64c61fdb53b830b4b7
- SHA512
  
  8efbd604eb75a4e3f1831edcadac912cd2c61b16e996a5556a02e009f6ad459db85b57b29c08fe41865828f2d166d130e8dd36be33994e98ae6d5cb0cefa6ca0
- SSDEEP
  
  6144:iTouKrWBEu3/Z2lpGDHU3ykJrS0JjYf3S0JjYfcS5yDUL/h0O4t6K2mJS8I2I:iToPWBv/cpGrU3yAktkbLh0O62WA
Score

10^/10

discordrat persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discordratpersistenceratrootkitstealer

behavioral2

discordratpersistenceratrootkitstealer