discordrat | 8cd446387f47cd667943aba6e1e636c36fe07fb2dbc0990201fb3552ca8077e4 | Triage

Resubmissions

19-03-2024 16:46

240319-t968vagg74 10

19-03-2024 16:44

240319-t811fahe2x 10

19-03-2024 16:41

240319-t68x9sgf77 10

Sharing

General

Target

silence.rar
Size

726KB
Sample

240319-t68x9sgf77
MD5

eb5b9e0f7e86d9d747afc116edfad2eb
SHA1

42b2cf0788d4850e0d4579b070e0ddd003f56968
SHA256

8cd446387f47cd667943aba6e1e636c36fe07fb2dbc0990201fb3552ca8077e4
SHA512

a43aeb76d2181556f5a7066ca3870cc34d83643f2500601653bf743185bdf6393bf98a2b6afee8dfe516c90b8cb78b1c727dbf36009daeed4400cccf354c6449
SSDEEP

12288:b8+iQ/KYfMFV1D0Zm/cLmEU3f+c8ZSu0nIdyAVdZ/1fF2EWxWsiFjbayXu8OOjph:bx/KWr3Ls3j8wu0IdfVTNnWiu8OOn

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTIwODA5NTM2NDk2MDM1NDM3NA.GizXN5._a-pu5nHBPQiBTo-MibYQvf7mDtkutfsttwhUo
server_id
1208095629734322196

Targets

- Target
  
  silence/silence-workspace.exe
- Size
  
  1.7MB
- MD5
  
  839a13e8b65aab0cb6d061ac82a8e3d4
- SHA1
  
  3de9d9d68c94493867bcb081d093bf39d45bf923
- SHA256
  
  a8741e78c8b8b86042814e65b5a7ab358f1050757de3738a0d358097db996bd3
- SHA512
  
  ea2ded5b24dc88af32673957a7cc85c5b602fec5731c4af4d3cb9859009f0af6d2b9b629253090d23715af3b8030fc5727612f92a5339e08748fad5694eff2bc
- SSDEEP
  
  49152:O0xx0GTBlPBAc2AVMlsHbeucMYc5pSoUiGG8:OWTkcH3Hyo
Score

10^/10

discordrat persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1
- Target
  
  silence/silence.json
- Size
  
  63B
- MD5
  
  1e543cf5d38b7203ca1748d8c95c4fa4
- SHA1
  
  244de7367dc9e760fc801f89fbf504cfe05e0a92
- SHA256
  
  f36c6a958ed81ffa3bff2c1ec87f3ef43e68bc4c3a3906a8cc0e9987a26069f9
- SHA512
  
  39cb5a34345729f8e2a6692fe687da189b6de544eb60dc9be197e3a69d288cba5e8f7001144436c119644573e1c088d8ccdbad8051306e489e73db1230f6e374
Score

3^/10
behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discordratpersistenceratrootkitstealer

behavioral2