discordrat | 8cc512bb06d9e61f5f6b35a5d9df7fc185bd03989213097123f2484ce56acf5d | Triage

Sharing

General

Target

Supra‮gpj.exe
Size

582KB
Sample

240526-x7nkhaaa65
MD5

bca697f38134aaccd4c12c627a485cd4
SHA1

946ce90fe6191b15bd76d2908a50a3590778ce3f
SHA256

8cc512bb06d9e61f5f6b35a5d9df7fc185bd03989213097123f2484ce56acf5d
SHA512

ee44d0c84d3a377c954f9abd6d1b8047e3bebcf2da0b9f638898e76af1978c9b50cfeea11753a2e1f5358042b995527def12cff2447fafe6f4ebca1b3c554494
SSDEEP

12288:9CQjgAtAHM+vetZxF5EWry8AJGy0yWphU0Km1pmylo3jwE:95ZWs+OZVEWry8AFBB0L+0E

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI0NDM2Nzk4MjY3OTk0OTMyMg.Gv6eq-.Uq2lfr6CoxdEIxVy6jaTNSsvh2dmcKyuVrJL9k
server_id
1242477718638170204

Targets

- Target
  
  Supra‮gpj.exe
- Size
  
  582KB
- MD5
  
  bca697f38134aaccd4c12c627a485cd4
- SHA1
  
  946ce90fe6191b15bd76d2908a50a3590778ce3f
- SHA256
  
  8cc512bb06d9e61f5f6b35a5d9df7fc185bd03989213097123f2484ce56acf5d
- SHA512
  
  ee44d0c84d3a377c954f9abd6d1b8047e3bebcf2da0b9f638898e76af1978c9b50cfeea11753a2e1f5358042b995527def12cff2447fafe6f4ebca1b3c554494
- SSDEEP
  
  12288:9CQjgAtAHM+vetZxF5EWry8AJGy0yWphU0Km1pmylo3jwE:95ZWs+OZVEWry8AFBB0L+0E
Score

10^/10

discordrat persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

discordratpersistenceratrootkitstealer

behavioral2

discordratpersistenceratrootkitstealer