discordrat | 939fed83d6381ce90f7e69833204f77be7134c62b0fef6f2d8e82722b1a30e9c | Triage

Resubmissions

18-04-2024 16:03

240418-thdr8ahc53 10

17-04-2024 17:38

240417-v7pfpaab9w 10

Sharing

General

Target

check_pic.exe
Size

91KB
Sample

240417-v7pfpaab9w
MD5

2a6bcd471e17bf7e517ed75b3f96dfd9
SHA1

2a1318834be42e05de6c1a466958ce475b1bbb58
SHA256

939fed83d6381ce90f7e69833204f77be7134c62b0fef6f2d8e82722b1a30e9c
SHA512

f10bc9f91b0c3b497bb1aea79022948d56979f04f86d3992066ade731a776246231c93c1045a57c70514ddd1f3e0d87d9ec88f166f180667adac8f7c2619099c
SSDEEP

1536:IJs1RO8f2UsgLCerU8FlgksixIgmRx4QMWHzDb7+xbrBFeh1U+f5RzsrN:71QW2CJfj4iSgmRyQVDXgbNFn+f5psN

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTIwNzQ0Mjc2MTY3MDk4Nzg5Nw.G7QGsq.mV9vPnqHSKpUueDX1U0MR64-D5ZHLEHM-uK5fI
server_id
1228104284198015068

Targets

- Target
  
  check_pic.exe
- Size
  
  91KB
- MD5
  
  2a6bcd471e17bf7e517ed75b3f96dfd9
- SHA1
  
  2a1318834be42e05de6c1a466958ce475b1bbb58
- SHA256
  
  939fed83d6381ce90f7e69833204f77be7134c62b0fef6f2d8e82722b1a30e9c
- SHA512
  
  f10bc9f91b0c3b497bb1aea79022948d56979f04f86d3992066ade731a776246231c93c1045a57c70514ddd1f3e0d87d9ec88f166f180667adac8f7c2619099c
- SSDEEP
  
  1536:IJs1RO8f2UsgLCerU8FlgksixIgmRx4QMWHzDb7+xbrBFeh1U+f5RzsrN:71QW2CJfj4iSgmRyQVDXgbNFn+f5psN
Score

10^/10

discordrat persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discordratpersistenceratrootkitstealer