discordrat | aa0316816724b47a30eb700b8034f12e1387827bf6ad4305c81dbe31f2ba1f0f | Triage

Submit
Reports

Overview

overview

Static

static

Client-built.exe

windows7-x64

Client-built.exe

windows10-2004-x64

Sharing

General

Target

Client-built.exe
Size

78KB
Sample

240518-ks6fjsce66
MD5

4cc3a192f38f0ba95fa9d68e97f6ef3c
SHA1

be1939d58b92d674a6de1687c66dae7d4dd2ecee
SHA256

aa0316816724b47a30eb700b8034f12e1387827bf6ad4305c81dbe31f2ba1f0f
SHA512

2b8cc93b66a8afd3941baa2ce76a25db53e5843d3751baad6cdc050d8a52c4d84cd23271da6d7781c589fff4352f06e39529e8a80c78e1acb36181be51c253c4
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+kPIC:5Zv5PDwbjNrmAE+4IC

Score

10^/10

discordrat persistence rat rootkit stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Client-built.exe

Resource

win7-20240508-en

discordrat persistence rat rootkit stealer

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

Client-built.exe

Resource

win10v2004-20240508-en

discordrat persistence rat rootkit stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI0MTMxMTE3MDk1NTMxNzM1OQ.GtZ2dx.2B3nuUu0A_CuQdHvi3hc41LhN-OI3weFEtjBqU
server_id
1241107698636820601

Targets

- Target
  
  Client-built.exe
- Size
  
  78KB
- MD5
  
  4cc3a192f38f0ba95fa9d68e97f6ef3c
- SHA1
  
  be1939d58b92d674a6de1687c66dae7d4dd2ecee
- SHA256
  
  aa0316816724b47a30eb700b8034f12e1387827bf6ad4305c81dbe31f2ba1f0f
- SHA512
  
  2b8cc93b66a8afd3941baa2ce76a25db53e5843d3751baad6cdc050d8a52c4d84cd23271da6d7781c589fff4352f06e39529e8a80c78e1acb36181be51c253c4
- SSDEEP
  
  1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+kPIC:5Zv5PDwbjNrmAE+4IC
Score

10^/10

discordrat persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discordratpersistenceratrootkitstealer

behavioral2

discordratpersistenceratrootkitstealer

© 2018-2024

Terms | Privacy