discordrat | 3b675a52dfa1c46e2ab9d8632161e52727b2028d67c676ee801d34fe6550aab7

Sharing

Copy URL

Twitter E-mail

General

Target

Executor.zip
Size

5.8MB
Sample

240313-lmamcsbh69
MD5

8a6daae5b930ad9e5b9d022cff5e7123
SHA1

291e04fd17af8bdd16c90a855ae5b664b8c07531
SHA256

3b675a52dfa1c46e2ab9d8632161e52727b2028d67c676ee801d34fe6550aab7
SHA512

bc30bcdd9398d19a57d67b5db78fc33171dd378c3602439960ec8d039f072754f3c6ff85203563c208803646d04f153ce2492ee00f67cd81f2af0cc8416d03ae
SSDEEP

98304:s9afWwICb6kSqoDLstDS5z7dsrnMSCU+cKXpuf51HzRGeO2wBWSblCotn32mSzV:0wInrqoEtiMzx+c2YTUelw/EFL5

Score

10^/10

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTIxNzA3NzI2Njc5OTEzMjc5NA.G6xQaE.4zXFoh6BPZlAIhLi46DSS2BaJjbxuU5eXQ1tP8
server_id
1190067527355744316

Targets

- Target
  
  Main/CED3D10Hook.dll
- Size
  
  128KB
- MD5
  
  43dac1f3ca6b48263029b348111e3255
- SHA1
  
  9e399fddc2a256292a07b5c3a16b1c8bdd8da5c1
- SHA256
  
  148f12445f11a50efbd23509139bf06a47d453e8514733b5a15868d10cc6e066
- SHA512
  
  6e77a429923b503fc08895995eb8817e36145169c2937dacc2da92b846f45101846e98191aeb4f0f2f13fff05d0836aa658f505a04208188278718166c5e3032
- SSDEEP
  
  1536:jRXPVJPMo10+PfXl/IRTlsfQstLh66crJWeWyPCUpfrCWV13P1+CUOEvCvOEMI7:BdJPMlMb1g6e0dU9rf3P7UObvOja
Score

1^/10
behavioral1 behavioral2
- Target
  
  Main/CED3D10Hook64.dll
- Size
  
  140KB
- MD5
  
  0daf9f07847cceb0f0760bf5d770b8c1
- SHA1
  
  992cc461f67acea58a866a78b6eefb0cbcc3aaa1
- SHA256
  
  a2ac2ba27b0ed9acc3f0ea1bef9909a59169bc2eb16c979ef8e736a784bf2fa4
- SHA512
  
  b4dda28721de88a372af39d4dfba6e612ce06cc443d6a6d636334865a9f8ca555591fb36d9829b54bc0fb27f486d4f216d50f68e1c2df067439fe8ebbf203b6a
- SSDEEP
  
  3072:Kd3u82FbW5v1B9omLKfBbYWFhFCsfa5z8saPFZ1sL3OD1Ow:Kd+NFbWUMKfBTjFxfa5a1y4N
Score

1^/10
behavioral3 behavioral4
- Target
  
  Main/CED3D11Hook.dll
- Size
  
  137KB
- MD5
  
  42e2bf4210f8126e3d655218bd2af2e4
- SHA1
  
  78efcb9138eb0c800451cf2bcc10e92a3adf5b72
- SHA256
  
  1e30126badfffb231a605c6764dd98895208779ef440ea20015ab560263dd288
- SHA512
  
  c985988d0832ce26337f774b160ac369f2957c306a1d82fbbffe87d9062ae5f3af3c1209768cd574182669cd4495dba26b6f1388814c0724a7812218b0b8dc74
- SSDEEP
  
  1536:onOLYqoZQBD3m7bmVLcuVGpGXlWXQznQN8erRxQEmsYOT1GlERbo3iV8n/7DkCWy:o4YqoZNHi7VBAXvXMZ7ll3iyn3WOR3Oc
Score

1^/10
behavioral5 behavioral6
- Target
  
  Main/CED3D11Hook64.dll
- Size
  
  146KB
- MD5
  
  0eaac872aadc457c87ee995bbf45a9c1
- SHA1
  
  5e9e9b98f40424ad5397fc73c13b882d75499d27
- SHA256
  
  6f505cc5973687bbda1c2d9ac8a635d333f57c12067c54da7453d9448ab40b8f
- SHA512
  
  164d1e6ef537d44ac4c0fd90d3c708843a74ac2e08fa2b3f0fdd4a180401210847e0f7bb8ec3056f5dc1d5a54d3239c59fb37914ce7742a4c0eb81578657d24b
- SSDEEP
  
  3072:/20T06lYodB6ZcnHgSFulvfV0tYP/ipaQ8PFRBIiOBNOW:1Y6bdB6uHgSwtfV0+P/is1BIpD
Score

1^/10
behavioral7 behavioral8
- Target
  
  Main/RUN_ME.bat
- Size
  
  20B
- MD5
  
  e33b065e04e13f92aa194ddb6f7bb9d8
- SHA1
  
  0c651171deee149f84e8feee2eeef678ee19b581
- SHA256
  
  a2ff24b8dbd5f24390c24092f83b2deaadae82bc588e50ca1c618b22ee3f8ec2
- SHA512
  
  155d0a18ffac00414250061c1010508a9c7b512dd0b0910a154655dc9e0e0dc5950762776c3c8195ad28797a661d49e25c5e2496e217457f8824bb58a7805b3a
Score

10^/10

discordrat persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Legitimate hosting services abused for malware hosting/C2
behavioral10 behavioral9
- Target
  
  Main/autorun/AddToNewGroup.LUA
- Size
  
  1KB
- MD5
  
  83bdbb1ba0dd3c8c5a18f125951c9325
- SHA1
  
  bd0a80c6bfe473209c04800fd295c0c5505513b0
- SHA256
  
  87fa0d759d6b36cba2b5cb0a8c5c3c43312b0ee6f03e077c4ad6b9f748c5f8b0
- SHA512
  
  dc2959e6fb806d8bb617bfd2f8be7d524a8e8d639f842a31b37d5c8ce445634a44df03cf03d9aa2f7a74137d7fa50966e284dbf02d3662fa78f68acd5ebf80b3
Score

1^/10
behavioral11 behavioral12
- Target
  
  Main/autorun/DotNetInterface.lua
- Size
  
  19KB
- MD5
  
  1dce4c5122636604f6ef299e5e6d8211
- SHA1
  
  b7149b4539315c699711403d85fc7b7d6943fb9d
- SHA256
  
  952bc6a8bfd0070566411ee88ca84f5a7f54c452a4e77790c84cb150595a443b
- SHA512
  
  705620c3b2a1bac7de12778fe953ed96c956f04b53c944907e00086fec2774b1202d424e6428c9e1daa0d49376a6f03b4de5b33e56c778c02f6cdcd76cb3ebe9
- SSDEEP
  
  192:DmA6x6gnQPYg7Zlzgng7/QgVgigbgggQ/egegmgKXh5XCZ1C1TRxvnW53ZgmdUMg:D6hQ9i27lKmUgQm
Score

1^/10
behavioral13 behavioral14
- Target
  
  Main/autorun/JavaInfo.lua
- Size
  
  28KB
- MD5
  
  1bd760ada69fca61957f15955faa5909
- SHA1
  
  e445c15d1c6a8b239f30ea91b047d375408fc5cf
- SHA256
  
  aa530743076cac31f77260beac32b9e0e5b6983c2b3cbc8f348d8abf4f0c9c3b
- SHA512
  
  e4b57ac348a9d12b9f0be1c96591481d88219fb791d81386c0f66b08058a8182c692186d0eaa27482b427bdc73cd643d57ca3a047be8a52f5790d2abc51d5f5f
- SSDEEP
  
  768:u8A165AMalTUAXV/Odz3JJbeX94/TQIG0UDfCI:uEAfTUAUJ5EH
Score

1^/10
behavioral15 behavioral16
- Target
  
  Main/autorun/JavaSearch.lua
- Size
  
  5KB
- MD5
  
  673fc378a0e09bf887e95ffa87d1ada7
- SHA1
  
  12a03af2c137e1dc079f417f67150a7bf70d55d2
- SHA256
  
  8af39e86394f7b56023753ca517bfdca29dc4f3dfe64a3310eafc21207a61e95
- SHA512
  
  dd06ddc7f8ffe6e1fcf142368e1e7035d2f3130b3124a223c9912258552d8984ad8daf12e72253df1c9271cbf1d59d2c40684c4fde5424af16e047882a90ae5e
- SSDEEP
  
  48:StC+Yv1YVq+5pVqZrSA5VixTM0GBHX9bM/oCOHuL6Ei2fqMII1qMII3nOZ22BWyn:KCVt8SFL3Ag0eFM1e19bKfuc275OU3
Score

1^/10
behavioral17 behavioral18
- Target
  
  Main/autorun/MethodInvokeDialog.lua
- Size
  
  5KB
- MD5
  
  196b14ebdf8de3baf14bca42505990c6
- SHA1
  
  4f0ef4bfac987ba7b7eeab048453ed6eed8897fb
- SHA256
  
  eef6cfa2400ab5d1b4c59bbf3bdc977d5600ee07c3edc068de84b16eb48442dd
- SHA512
  
  5c2d4163a67b7eb2add77a3ab135e952c04067f62f41cc8db4e4eec7ef20ca299280e1902e53b65f8edbe2605071a96876daf48cb386095684c30a9127e27803
- SSDEEP
  
  96:1pcDQnDy6H+HdHjHbopbdf6vssaSaaHwuHymCvyrx1Ma+H5HndgbAH/Ey/6vi/+H:ncDQnG6H+HdHjHb4bdf6ksaSaaHwuHnj
Score

1^/10
behavioral19 behavioral20
- Target
  
  Main/autorun/andtools.lua
- Size
  
  7KB
- MD5
  
  dbea35855b986c3e529d5f6dedbe5ef6
- SHA1
  
  3cc8db2ebed5b515ddb6a1cdf54066e8dc0485a7
- SHA256
  
  1142b59d9b5a918b637006fbcd7199c3d561ce08722ecaf192fbf2bcb9b0c3f1
- SHA512
  
  030fb90f1caaffde1dcdc72d74bbda7874e62171029704efb44e521eb46f2d1eb75a99e8314b7b72843bb1edd236c38f4266c081d471a56951bc29c5226c7250
- SSDEEP
  
  192:br0u5yjRAJgkv4a0vmIVn4vAP9dno/wF+j6IV5yG5A:b4uAjRQgg4tmIR8+95WLj95A
Score

1^/10
behavioral21 behavioral22
- Target
  
  Main/autorun/autosave.LUA
- Size
  
  8KB
- MD5
  
  005a675ddbdf7e8359aab9af19dd7000
- SHA1
  
  2dc8ef7abbacff7c11bbdc3e7edfe95a9b2ddeea
- SHA256
  
  2102c2a017fe0c15d924891750f2108734c1f616bb8155db075109e4368a931e
- SHA512
  
  a756d3f6b4cfd8ac91d30f768f4d4ce3571250f484c6fe00e3e439062cb6a7eeef506799324c97b02e9367482dffb72ca599361a3261e95d203d645ac8bd267b
- SSDEEP
  
  192:77ODPchjfwp0nUubFgqXz/C/cozwzQtHdBLRs6:o90UKXxqXR
Score

1^/10
behavioral23 behavioral24
- Target
  
  Main/autorun/babyce.lua
- Size
  
  14KB
- MD5
  
  2752eb057b40d4490c866315c6f50055
- SHA1
  
  0e228ca74cc7c15922e8fce81067cc0c6630257f
- SHA256
  
  1a0af003b24d7af4aac1da4f635dc2654b909ea4e377aa7f8100e1423fe56156
- SHA512
  
  33c3e6493efb708f06ad3ec2f6072cc24a0f62474734a2307347f43bc4a6e669dc03df9d954337c57aff4e3f7e19cefa0d9740390b2e54fc797c8e8f50e27ce9
- SSDEEP
  
  384:aapaXjubrqWBIsICp4vgbWj5fP24uH8pvn1ehUqmWcCGcZhaGNFwytpeuwFda:aawXSbrqWBIsIq4vgbWj5fP24w8pvE+Q
Score

1^/10
behavioral25 behavioral26
- Target
  
  Main/autorun/bigendian.lua
- Size
  
  7KB
- MD5
  
  4b2ee1e7fcff5281b4f39698d8ca5a16
- SHA1
  
  9f1924319e471a58c6ee765eaa574baa95918b70
- SHA256
  
  ec62e56280d04a8abf6bd1261991a505b2e5901082d8e41c9a6a15592cc9ac27
- SHA512
  
  32128583eda5100278f94118bf0fc06c5d34a5812693597f90da4c4fa2303ca4a9e5e69d2f60565492532fdeaf9335272e96c4d2c4897559dede12987ff09bd9
- SSDEEP
  
  192:AQMWG73KlI7UQUWi7lKli7GQYWp7G7wDrcHZfBQQRT8Rw+:ANK7DKJPNTm1
Score

1^/10
behavioral27 behavioral28
- Target
  
  Main/autorun/ceshare.lua
- Size
  
  13KB
- MD5
  
  b58b18c87bde2a935dcd06ded31b3c77
- SHA1
  
  ba8e40d11883ad892bb939dc0317393dc7399b0f
- SHA256
  
  c0a7ad4fd5bc521b04fea71e9d1023d9e36f88bb8f6a53e4e8e014923de4c7d9
- SHA512
  
  2785aa8957b07822f7e66cd5a9ef0369c21afba29d89bc525de13da43f9fda85a9635d9f3e1dcd56bcf45887645aa795355b0da1bcacfea511a92251b9bcaee3
- SSDEEP
  
  192:p1mSfPL5ThWRM8vLdyWR1hHS+6stplX7ZbaFYBY6tnGb:/fPjylLNkKW6tE
Score

1^/10
behavioral29 behavioral30
- Target
  
  Main/autorun/ceshare/ceshare_account.lua
- Size
  
  6KB
- MD5
  
  fb24f06295b3181d16c2097ed6dd1747
- SHA1
  
  37d0f0071cba48aab9f2eec7acd2b1f237bb10e6
- SHA256
  
  0765d83f004386d898aba55a9bb53d032ee38a422b6eef0770e74f7693e7e69b
- SHA512
  
  6699d2f27d41f9c415a7f3300b019a8afe5f3618be9d1a20e4db201b1026abbb2f3a79ce567509590fc43b77516689d5b7b28d7ce41e1db374cf83ec697bc67a
- SSDEEP
  
  192:9mEzdE7OvG9VfHAemV9HmIcqH2E8VHo09CSADseggWXHaOYOKQWnDYW+VwHiPZJz:9mEJvGHo9NruoyFGAo2f
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Discord RAT

Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32