discordrat | 4d456bc174e4726c8da7186cf48de99f2604544af91d8b5aeaa3fbcafdeb6c26 | Triage

Submit
Reports

Overview

overview

Static

static

3

leokadia f...pm.exe

windows7-x64

leokadia f...pm.exe

windows10-2004-x64

Sharing

General

Target

leosia_wyciek_4k_HD.rar
Size

787KB
Sample

240530-th5wpsdf91
MD5

f26fa7a63e986b56b656118961d7af1e
SHA1

ea4616d9483ba27613581d8df20ea2dba68f09de
SHA256

4d456bc174e4726c8da7186cf48de99f2604544af91d8b5aeaa3fbcafdeb6c26
SHA512

6244873620ad6c657d13d49f43662ab6696ecd274341bbac36a185e90e7b828642be018e9a62c9bdce85251035efced248394d9237d63aed92623e6b20c171ac
SSDEEP

24576:M+7lWFIzg7oJLLDvBkuJ8KUqECk6GgeksLOUX3mbjeW51hE:v7lWFIzg+Bb8tJjksLOUGbjeE7E

Score

10^/10

discordrat persistence rat rootkit stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

leokadia film/leosia s‮4pm.exe

Resource

win7-20240508-en

discordrat persistence rat rootkit stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

leokadia film/leosia s‮4pm.exe

Resource

win10v2004-20240426-en

discordrat persistence rat rootkit stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI0MzY3MDczMTU5MDcyOTc5OQ.G25Fr1.zUYZMU8iXioqif_5Uws8Eat0XjMaXMVbm9OT_0
server_id
1243671022599802944

Targets

- Target
  
  leokadia film/leosia s‮4pm.exe
- Size
  
  1.1MB
- MD5
  
  3d988d51bb78c7f05d1d9d621704bd8b
- SHA1
  
  63d9eb61ef9c3a8c06e551651b8ad191f5cbe5a6
- SHA256
  
  f9c95d44186d306f43e7c7b0be319d9feaba04226ce016b56949916c5185c007
- SHA512
  
  c6ccf1423ab8bb6821521810b1247b288bb27dd00047a9deb5dc81be215a9a70f41bc44efce93638056e3a20b9f6efa2b552dae0b2483b613d5302bbcad25a62
- SSDEEP
  
  24576:9uDXTIGaPhEYzUzA0x4w0LzbUNfGL4w0LzbUNHFMkcY4VV+XqyPJcOtk3MrS6y:gDjlabwz9Wvb8vbgFxcYZXfX+kS6y
Score

10^/10

discordrat persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discordratpersistenceratrootkitstealer

behavioral2

discordratpersistenceratrootkitstealer

© 2018-2024

Terms | Privacy