discordrat | d0696ae3dfc83c80cdaf0bb50aa0b7ca04c362177c3bb12ab79a355d261c5465 | Triage

Submit
Reports

Overview

overview

Static

static

SolaraBETA.exe

windows11-21h2-x64

Resubmissions

23-05-2024 16:42

240523-t7qs3shd6s 10

Sharing

General

Target

SolaraBETA.exe
Size

164KB
Sample

240523-xlwnzsce41
MD5

ef3211af9aefd0a032cd9fbb3c46d1e2
SHA1

b6e09ec37c2e50aec3e186b4b80696bc5fbdc1ec
SHA256

d0696ae3dfc83c80cdaf0bb50aa0b7ca04c362177c3bb12ab79a355d261c5465
SHA512

fed323033bb2868183eb5770a6ddb1e745db93dca7d23245ad94c32fc7ce223289cad62e48a8674e38e810c52de9eef1993efae2100e13cde0f78d070b0578cd
SSDEEP

3072:2Zv5PDwbjNrmAE+4IjLdGgCvZuT75lTT3MJObhH:Wv5PDwbBrUIjLdvm27wJON

Score

10^/10

discordrat discovery evasion persistence rat rootkit stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

SolaraBETA.exe

Resource

win11-20240419-en

discordrat discovery evasion persistence rat rootkit stealer trojan

windows11-21h2-x64

28 signatures

150 seconds

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTE5NTg0ODc1MjI0NjgyNTA1Mg.G4P4wp.zMWMnomJQlTXAmzFNKlIfb-ParaaB86MEq0gOY
server_id
1234555349349040179

Targets

- Target
  
  SolaraBETA.exe
- Size
  
  164KB
- MD5
  
  ef3211af9aefd0a032cd9fbb3c46d1e2
- SHA1
  
  b6e09ec37c2e50aec3e186b4b80696bc5fbdc1ec
- SHA256
  
  d0696ae3dfc83c80cdaf0bb50aa0b7ca04c362177c3bb12ab79a355d261c5465
- SHA512
  
  fed323033bb2868183eb5770a6ddb1e745db93dca7d23245ad94c32fc7ce223289cad62e48a8674e38e810c52de9eef1993efae2100e13cde0f78d070b0578cd
- SSDEEP
  
  3072:2Zv5PDwbjNrmAE+4IjLdGgCvZuT75lTT3MJObhH:Wv5PDwbBrUIjLdvm27wJON
Score

10^/10

discordrat discovery evasion persistence rat rootkit stealer trojan
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Downloads MZ/PE file
- Sets file execution options in registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discordratdiscoveryevasionpersistenceratrootkitstealertrojan

© 2018-2024

Terms | Privacy