discordrat | 875ecb549f5c33316e5179ee0a73711f6f4192d4d35fd16cf4776b5d7d870db3

General

Target

silence-workspace.zip
Size

24.0MB
Sample

240320-mysgzsff6v
MD5

7fdb461d72120003ad0d4abc0b37510d
SHA1

ac03e93a84e8e7302b89c807712cbe47cd3c2e9c
SHA256

875ecb549f5c33316e5179ee0a73711f6f4192d4d35fd16cf4776b5d7d870db3
SHA512

f0897dbecf6f69e0cdb1be797cb76f7a38df2bacdf6e12cc73c0e7d92255f52cecd404fad034c3c121b0ac1f07f0c7e9dd4d649798c939681c09427da279e3e1
SSDEEP

393216:suQVxH1txMF7oL2fBfKK3KsbSGbRAgmruteMemSTPqboHv0:sJVx1taF7oL2kyt9jenSU0

Score

10^/10

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTIwODA5NTM2NDk2MDM1NDM3NA.GIdzek.s1kGRBHohEVBwfyN2Y5ba2_cI-PkCZhr8iEZQE
server_id
1208095629734322196

Targets

- Target
  
  silence/silence-workspace.exe
- Size
  
  25.1MB
- MD5
  
  1061860a4a4866b7c64f3d4d2e1774a2
- SHA1
  
  3180d70e4805e09c69db87fac8f9c594d41efeae
- SHA256
  
  97ac54425b9d047f3347ec28afa8193ce1be6922338f68844cf16c718bb50cf3
- SHA512
  
  8aba1090341ae37b2bb1b3b5095b5feea97d4af9f717747ce8d2eec07dd6f2db25604766f33a2bbc9a02cc3e44df19c063886ff2c736e5fdf3115d10dd56d6a8
- SSDEEP
  
  393216:FqPnLFXlrWAQZyRTDOETgsvcGzVgnA/+pWpC5IFhWlXWskIcXyo:8PLFXNWAQZyAEP0OyU8xXci
Score

10^/10

discordrat persistence pyinstaller rat rootkit stealer upx
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Web Service

1

T1102

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Discord RAT

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

UPX packed file

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2