discordrat | 41bfb9975a07c647313b8211c9096fd42c379ef1ab8aa55cf8754903636d57cd | Triage

Sharing

General

Target

qr.scr.exe
Size

589KB
Sample

240323-2yb8bsgc3t
MD5

e258820afbaf4806a0af98130aa7e188
SHA1

8384adb56549bb90f45feda7f61cf5f316a2e7b5
SHA256

41bfb9975a07c647313b8211c9096fd42c379ef1ab8aa55cf8754903636d57cd
SHA512

bfa53fab0079710ebad1fc05aec58f29a85f5f029b21a07f126d51858ea9ab93cc2467408a96ac761d3b01b3d5636763f6a8446f4830d2c665d7a246e4c40d86
SSDEEP

6144:vE+yclwQKjdn+WPtYVJIoBfnrI3Yraa41Uhmt+5jh4b+wmN:vBdlwHRn+WlYV+mOYrf8U0U16iws

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTE2NTU4OTMzMjMxNzQ0MjEwOQ.GJEVtK.uFJuCXP9hMLmxL5S40swC_tXrG0HdGoTZYWDxI
server_id
1162644088261193840

Targets

- Target
  
  qr.scr.exe
- Size
  
  589KB
- MD5
  
  e258820afbaf4806a0af98130aa7e188
- SHA1
  
  8384adb56549bb90f45feda7f61cf5f316a2e7b5
- SHA256
  
  41bfb9975a07c647313b8211c9096fd42c379ef1ab8aa55cf8754903636d57cd
- SHA512
  
  bfa53fab0079710ebad1fc05aec58f29a85f5f029b21a07f126d51858ea9ab93cc2467408a96ac761d3b01b3d5636763f6a8446f4830d2c665d7a246e4c40d86
- SSDEEP
  
  6144:vE+yclwQKjdn+WPtYVJIoBfnrI3Yraa41Uhmt+5jh4b+wmN:vBdlwHRn+WlYV+mOYrf8U0U16iws
Score

10^/10

discordrat persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discordratpersistenceratrootkitstealer

behavioral2

discordratpersistenceratrootkitstealer