discordrat | d01b49ea8c4f9215e0838147fb4eb5909c6298e9f1314e7401faf0d6cbc5d9e0 | Triage

Sharing

General

Target

reducer.exe
Size

29KB
Sample

240404-ncngksdh99
MD5

113b4c92dca5eb03fef7916d9d3216be
SHA1

231a7949ef5eb2fadf148884742b40d32e71cdd7
SHA256

d01b49ea8c4f9215e0838147fb4eb5909c6298e9f1314e7401faf0d6cbc5d9e0
SHA512

fe348660ff1d08b937178466852c04042db6fa0ceda6981c7cdff726e6629741d1170bfee6be16c115a9df1d2a3177b985ade216a137d2f6f83fbd2ab199cd10
SSDEEP

768:KMLDTH3XaAy8MM9cmtqTbUh/W2pfAIxsXo:PHiS9cIhe2pI3o

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTEyOTg3Mzk2MjY0MjQ2MDc3Mw.GVoB7q.zgQTyRC6__mUfWAQ71TKowd69RCw5b2gtOewvc
server_id
979482293682978877

Targets

- Target
  
  reducer.exe
- Size
  
  29KB
- MD5
  
  113b4c92dca5eb03fef7916d9d3216be
- SHA1
  
  231a7949ef5eb2fadf148884742b40d32e71cdd7
- SHA256
  
  d01b49ea8c4f9215e0838147fb4eb5909c6298e9f1314e7401faf0d6cbc5d9e0
- SHA512
  
  fe348660ff1d08b937178466852c04042db6fa0ceda6981c7cdff726e6629741d1170bfee6be16c115a9df1d2a3177b985ade216a137d2f6f83fbd2ab199cd10
- SSDEEP
  
  768:KMLDTH3XaAy8MM9cmtqTbUh/W2pfAIxsXo:PHiS9cIhe2pI3o
Score

10^/10

discordrat persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discordratpersistenceratrootkitstealer