discordrat | 9dc7f34749d669d2f819076050aec0567232281ff9cfc6c77fc2bb2683a7d548 | Triage

Sharing

General

Target

pvp‮gnp.exe
Size

775KB
Sample

240531-x24pjabb23
MD5

13121a69f278215b151c64650ac7cb37
SHA1

2e0639d9d767821fe8830cb720d2c7960dcfa9b8
SHA256

9dc7f34749d669d2f819076050aec0567232281ff9cfc6c77fc2bb2683a7d548
SHA512

3d6987aad7dca1e58d3e5ab354b88bc72eaf35ee23d958653b29607cd5206486ef0e379dc0973d1b70995bc34f2bee992feb62a5b9b5e34f27e6eade8f811908
SSDEEP

24576:XuDXTIGaPhEYzUzA0qbRVICpN1gbZyAtey:eDjlabwz9WgONMtn

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI0NjE3NzQ1MDg3OTA5MDY5OA.GQYQs_.CWWy01exlwJSA5-Ryb8HsR5UWeE5uOF58bPcZs
server_id
1243377281129254984

Targets

- Target
  
  pvp‮gnp.exe
- Size
  
  775KB
- MD5
  
  13121a69f278215b151c64650ac7cb37
- SHA1
  
  2e0639d9d767821fe8830cb720d2c7960dcfa9b8
- SHA256
  
  9dc7f34749d669d2f819076050aec0567232281ff9cfc6c77fc2bb2683a7d548
- SHA512
  
  3d6987aad7dca1e58d3e5ab354b88bc72eaf35ee23d958653b29607cd5206486ef0e379dc0973d1b70995bc34f2bee992feb62a5b9b5e34f27e6eade8f811908
- SSDEEP
  
  24576:XuDXTIGaPhEYzUzA0qbRVICpN1gbZyAtey:eDjlabwz9WgONMtn
Score

10^/10

discordrat persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discordratpersistenceratrootkitstealer

behavioral2

discordratpersistenceratrootkitstealer