discordrat | b61487c5c147a2cce5fde93ecbbbf1fbd43b50d478df10225de3d9a18b490b5f | Triage

Sharing

General

Target

tic tac toe.exe
Size

462KB
Sample

240405-xmdvkabe5v
MD5

d030b7b8bf2872b8e7eff5256f227e6f
SHA1

5f7d935437cb40224cf7d0cd42c25357bcec216d
SHA256

b61487c5c147a2cce5fde93ecbbbf1fbd43b50d478df10225de3d9a18b490b5f
SHA512

e36fc3ee24afa393da618f923fdd082a759cc75a7e76c060919dfa2e8d30e5a11d2b79d37050113a570106ad032d8aeac1f54146fd660c956c22cb151e23e479
SSDEEP

12288:7CQjgAtAHM+vetZxF5EWry8AJGy0y5bj76:75ZWs+OZVEWry8AFBdS

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTIyNTg2NjQwNDQwMjU2MTEyNA.G6BFhc.X7me8e4THH9YJHaWJb1zFmIAZ2d2W9j2YEjuLI
server_id
1225868572644085790

Targets

- Target
  
  tic tac toe.exe
- Size
  
  462KB
- MD5
  
  d030b7b8bf2872b8e7eff5256f227e6f
- SHA1
  
  5f7d935437cb40224cf7d0cd42c25357bcec216d
- SHA256
  
  b61487c5c147a2cce5fde93ecbbbf1fbd43b50d478df10225de3d9a18b490b5f
- SHA512
  
  e36fc3ee24afa393da618f923fdd082a759cc75a7e76c060919dfa2e8d30e5a11d2b79d37050113a570106ad032d8aeac1f54146fd660c956c22cb151e23e479
- SSDEEP
  
  12288:7CQjgAtAHM+vetZxF5EWry8AJGy0y5bj76:75ZWs+OZVEWry8AFBdS
Score

10^/10

discordrat persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discordratpersistenceratrootkitstealer

behavioral2

discordratpersistenceratrootkitstealer