discordrat | 42cdb16f6dd64c4fec30c7a71960fe4d0015862c37e7b02c8dba5c0d68384c74 | Triage

Submit
Reports

Overview

overview

Static

static

7

rufus-4.4.exe

windows11-21h2-x64

Resubmissions

04-04-2024 14:14

240404-rkg7baaf46 10

04-04-2024 14:11

240404-rhlrqaae83 7

Sharing

General

Target

rufus-4.4.exe
Size

1.4MB
Sample

240404-rkg7baaf46
MD5

7a4662bb7f331d2252f3d949657d821d
SHA1

ad53fddfbcead7b3e6c322c0aad8c4a826bd4967
SHA256

42cdb16f6dd64c4fec30c7a71960fe4d0015862c37e7b02c8dba5c0d68384c74
SHA512

a1d111fc91cd470d36bd4640884b3550c6a4035e8c5bc5176dc9f67aa2ef8be6fc12956d0b351c272d8bb89646546dac868b32d1d1985dee86ffb6e971b14f3f
SSDEEP

24576:wOyBSB04yZT5Z6iqUbVEMs6MrhXlPrBnr/TwcEgzXIdVWLpuL94q:XgZT5ZSU1fUhXhrBnbTbaAIt

Score

10^/10

discordrat evasion persistence rat rootkit stealer trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

rufus-4.4.exe

Resource

win11-20240214-en

discordrat evasion persistence rat rootkit stealer trojan upx

windows11-21h2-x64

17 signatures

300 seconds

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTIyNTQ0Mzk5NzkwMDYwMzQ1Nw.GWuERT.FvjiredISYysQu4CtwubME2Lb2KTKTUG8SW5yM
server_id
1225162463952109721

Targets

- Target
  
  rufus-4.4.exe
- Size
  
  1.4MB
- MD5
  
  7a4662bb7f331d2252f3d949657d821d
- SHA1
  
  ad53fddfbcead7b3e6c322c0aad8c4a826bd4967
- SHA256
  
  42cdb16f6dd64c4fec30c7a71960fe4d0015862c37e7b02c8dba5c0d68384c74
- SHA512
  
  a1d111fc91cd470d36bd4640884b3550c6a4035e8c5bc5176dc9f67aa2ef8be6fc12956d0b351c272d8bb89646546dac868b32d1d1985dee86ffb6e971b14f3f
- SSDEEP
  
  24576:wOyBSB04yZT5Z6iqUbVEMs6MrhXlPrBnr/TwcEgzXIdVWLpuL94q:XgZT5ZSU1fUhXhrBnbTbaAIt
Score

10^/10

discordrat evasion persistence rat rootkit stealer trojan upx
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks whether UAC is enabled
  evasion trojan
- Downloads MZ/PE file
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discordratevasionpersistenceratrootkitstealertrojanupx

© 2018-2025

Terms | Privacy