discordrat | 9d0e13b30050899624473e710d44cb372a881a38d2802cc6c0ea2e2f54580689 | Triage

Submit
Reports

Overview

overview

Static

static

3

Google Chrome.exe

windows7-x64

Google Chrome.exe

windows10-2004-x64

7

Sharing

General

Target

Google Chrome.exe
Size

492KB
Sample

240526-bsh6ksad69
MD5

d3ebb8649264196a80f589dcf0c97f9b
SHA1

4bbeef7c604629c5cce710ff78dd1c032dc67fc5
SHA256

9d0e13b30050899624473e710d44cb372a881a38d2802cc6c0ea2e2f54580689
SHA512

fcb8dd306b96ff2cd6c13cd9dcd70330efd2d2cab63548b1089fa207b0249603b8f45f5f2c50755db2a7d877774a7497c2303fc9ab5150529fcf6a24e7f1f9b6
SSDEEP

12288:2CQjgAtAHM+vetZxF5EWry8AJGy0khGPyJm:25ZWs+OZVEWry8AFtGPZ

Score

10^/10

discordrat persistence rat rootkit stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Google Chrome.exe

Resource

win7-20231129-en

discordrat persistence rat rootkit stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

Google Chrome.exe

Resource

win10v2004-20240426-en

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI0NDA5NTY1ODUwNDM1OTk3Ng.GTDu8V.pnAIDXNTNWIQchltJK15s3stoHuo5RxHsi9AYg
server_id
1244095541626015796

Targets

- Target
  
  Google Chrome.exe
- Size
  
  492KB
- MD5
  
  d3ebb8649264196a80f589dcf0c97f9b
- SHA1
  
  4bbeef7c604629c5cce710ff78dd1c032dc67fc5
- SHA256
  
  9d0e13b30050899624473e710d44cb372a881a38d2802cc6c0ea2e2f54580689
- SHA512
  
  fcb8dd306b96ff2cd6c13cd9dcd70330efd2d2cab63548b1089fa207b0249603b8f45f5f2c50755db2a7d877774a7497c2303fc9ab5150529fcf6a24e7f1f9b6
- SSDEEP
  
  12288:2CQjgAtAHM+vetZxF5EWry8AJGy0khGPyJm:25ZWs+OZVEWry8AFtGPZ
Score

10^/10

discordrat persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discordratpersistenceratrootkitstealer

behavioral2

© 2018-2024

Terms | Privacy