discordrat | 363a3e73e2832794741348014d8dc97b3366a937c4439026ea91e9046ff8b6b9 | Triage

Sharing

General

Target

monoware.sfx‮‮gnp.exe
Size

775KB
Sample

240531-x9n9tabd72
MD5

3c3c25d4381b19bbb2f632c64d3c4e56
SHA1

7b4caba9c26b29241e7eb0741c5f4a9114ccc677
SHA256

363a3e73e2832794741348014d8dc97b3366a937c4439026ea91e9046ff8b6b9
SHA512

cc66c6e21518e5289cf683f574cf9c787152b72e5c51599f35970257372caf5b907d98544fe7b38ed07f71f5be900c3290d8d2b72495ce220856d6f3114053f9
SSDEEP

24576:XuDXTIGaPhEYzUzA0qbRiheyCpN1gbZyAZ:eDjlabwz9WCrONMZ

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI0NjE3NzQ1MDg3OTA5MDY5OA.GQYQs_.CWWy01exlwJSA5-Ryb8HsR5UWeE5uOF58bPcZs
server_id
1243377281129254984

Targets

- Target
  
  monoware.sfx‮‮gnp.exe
- Size
  
  775KB
- MD5
  
  3c3c25d4381b19bbb2f632c64d3c4e56
- SHA1
  
  7b4caba9c26b29241e7eb0741c5f4a9114ccc677
- SHA256
  
  363a3e73e2832794741348014d8dc97b3366a937c4439026ea91e9046ff8b6b9
- SHA512
  
  cc66c6e21518e5289cf683f574cf9c787152b72e5c51599f35970257372caf5b907d98544fe7b38ed07f71f5be900c3290d8d2b72495ce220856d6f3114053f9
- SSDEEP
  
  24576:XuDXTIGaPhEYzUzA0qbRiheyCpN1gbZyAZ:eDjlabwz9WCrONMZ
Score

10^/10

discordrat persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discordratpersistenceratrootkitstealer

behavioral2

discordratpersistenceratrootkitstealer