discordrat | c75ed8e67edb12ce91b04dfc1155fe1abb3328fd4e8669bc5a0d64090b62f2d7 | Triage

Submit
Reports

Overview

overview

Static

static

doxtool.exe

windows10-1703-x64

Sharing

General

Target

doxtool.exe
Size

78KB
Sample

240513-2c2wvsgg49
MD5

16d0fb269db477be08d333641dc063c6
SHA1

135e62c03692f27c9c3217a2d974702acdcfc122
SHA256

c75ed8e67edb12ce91b04dfc1155fe1abb3328fd4e8669bc5a0d64090b62f2d7
SHA512

c474547c749ffaa226c23fe0bc7f2dbd9da36e7ccb50626650c8365bac28f07b90f93c450210a8bcb9166f5f7046e9a69759be4fb9b2e804fd3df6c4adee899f
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+xPIC:5Zv5PDwbjNrmAE+hIC

Score

10^/10

discordrat persistence rat rootkit stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

doxtool.exe

Resource

win10-20240404-en

discordrat persistence rat rootkit stealer

windows10-1703-x64

14 signatures

600 seconds

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTIzODI1MzczNzMwMzM0NzMyMg.GageoQ.lrQ8H8NI2J99-bJ1ou6AHy2TezHO3Qo24PieOI
server_id
1238097255248957492

Targets

- Target
  
  doxtool.exe
- Size
  
  78KB
- MD5
  
  16d0fb269db477be08d333641dc063c6
- SHA1
  
  135e62c03692f27c9c3217a2d974702acdcfc122
- SHA256
  
  c75ed8e67edb12ce91b04dfc1155fe1abb3328fd4e8669bc5a0d64090b62f2d7
- SHA512
  
  c474547c749ffaa226c23fe0bc7f2dbd9da36e7ccb50626650c8365bac28f07b90f93c450210a8bcb9166f5f7046e9a69759be4fb9b2e804fd3df6c4adee899f
- SSDEEP
  
  1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+xPIC:5Zv5PDwbjNrmAE+hIC
Score

10^/10

discordrat persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Suspicious use of NtCreateProcessExOtherParentProcess
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Downloads MZ/PE file
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discordratpersistenceratrootkitstealer

© 2018-2024

Terms | Privacy