Overview

overview

10

Static

static

3

a3402ffe42...32.exe

windows7-x64

10

a3402ffe42...32.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a3402ffe42ea57750ad44efb32044bcd39c170681bac3ad035ef8d0d31659132

  • Size

    543KB

  • Sample

    240526-nhs91sge5x

  • MD5

    a314b9e0e9d1559ba8cea4ab45070cb5

  • SHA1

    071b321edc8f6429cf2706c697feafaa2a256604

  • SHA256

    a3402ffe42ea57750ad44efb32044bcd39c170681bac3ad035ef8d0d31659132

  • SHA512

    1045d4a2649b2ce63acd3c08357e1622f6aff05bdf051b86f68d08540c7a12cfd7ced554789fcacc72022d691d84375a60bbca5cfeaf2e1d07cdc28da66b12ef

  • SSDEEP

    12288:ftH5NLaAdDhAAEIFDf4iNzSHtonu8qi4c+J0/t35X:ftH5sAdXEIFDJNzSHWqi4fJ01F

Score
10/10
discordratpersistenceratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTI0NDE5MDQ0Njk4OTYwNjkyMg.GKKSv3.QM0nX8HsEIYXvPn3-i6tD_jy99bQ-bFdZIMzN0

  • server_id

    1244191426804322336

Targets

    • Target

      a3402ffe42ea57750ad44efb32044bcd39c170681bac3ad035ef8d0d31659132

    • Size

      543KB

    • MD5

      a314b9e0e9d1559ba8cea4ab45070cb5

    • SHA1

      071b321edc8f6429cf2706c697feafaa2a256604

    • SHA256

      a3402ffe42ea57750ad44efb32044bcd39c170681bac3ad035ef8d0d31659132

    • SHA512

      1045d4a2649b2ce63acd3c08357e1622f6aff05bdf051b86f68d08540c7a12cfd7ced554789fcacc72022d691d84375a60bbca5cfeaf2e1d07cdc28da66b12ef

    • SSDEEP

      12288:ftH5NLaAdDhAAEIFDf4iNzSHtonu8qi4c+J0/t35X:ftH5sAdXEIFDJNzSHWqi4fJ01F

    Score
    10/10
    discordratpersistenceratrootkitstealer

    • Discord RAT

      A RAT written in C# using Discord as a C2.

      stealerrootkitratpersistencediscordrat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Resource Development

Reconnaissance

Tasks