discordrat | d624951bfc5e38a018beb94c1c8acb97a6becca52e6d069b156b5e55608f857a | Triage

Sharing

General

Target

Onnx File Installer.rar
Size

286KB
Sample

240602-pvywpsde46
MD5

40213d4463924b5cfe42addc74e10efc
SHA1

e7ee2cbf5be424a687563807181dcebe80169d20
SHA256

d624951bfc5e38a018beb94c1c8acb97a6becca52e6d069b156b5e55608f857a
SHA512

3052564b1100c8712a372a4c1a716210358df0f56e495901dd48928c18476ebc3130b4270a61b8d3d66f3bcda2872da1d4b16027f5388f1b00d8085ad973372e
SSDEEP

6144:6IxCIvis/TCDzWVVEfG2EkwCDGs1qA/bCAgUjr1xRkyWskk:6yRwrUkw0Gs1qMgUndkmZ

Score

10^/10

discordrat persistence rat rootkit spyware stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI0MzM1NDI0NDI1NDI3MzYzNw.GUkt7C.Pcja3LSm_8Cp1CqJOlASW0-GzRtoJOOBBsmJcg
server_id
1232533200622845975

Targets

- Target
  
  Onnx File Installer.exe
- Size
  
  78KB
- MD5
  
  e35f5c4a4d3763f1c9ea5ae6001c6ae4
- SHA1
  
  32869af3cae52873656cfc64f4c169151c2bdd7d
- SHA256
  
  2a470ef5fe5f825bf643a3d1fa819659857513a2c81cdc9a0305235617dc1b04
- SHA512
  
  8d3045ce0304c45a3be7a046940c6453c08386d5697e721161ac9f6cc5dfc68deecdbc5de94045153963e0810c486d9ceaa9e3229c60b7121cc85be57700645e
- SSDEEP
  
  1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+5PIC:5Zv5PDwbjNrmAE+JIC
Score

10^/10

discordrat persistence rat rootkit stealer spyware
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Downloads MZ/PE file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2
- Target
  
  api-ms-win-crt-stdio-l1-1-0.dll
- Size
  
  26KB
- MD5
  
  5df2410c0afd30c9a11de50de4798089
- SHA1
  
  4112c5493009a1d01090ccae810500c765dc6d54
- SHA256
  
  e6a1ef1f7c1957c50a3d9c1d70c0f7b0d8badc7f279cd056eb179dc256bfefda
- SHA512
  
  8ecb79078d05d5b2a432f511953985b3253d5d43d87709a5795709ee8dbca63c5f1166ed94d8984c13f2ea06adfa7d6b82c6735c23c6e64f2f37a257066864e6
- SSDEEP
  
  384:WnZpFVhXWfhW2Lm0Gfi3RKllGBwLeb+Jl0huSwpSs:a+rRlkLelhepSs
Score

1^/10
behavioral3
- Target
  
  api-ms-win-crt-string-l1-1-0.dll
- Size
  
  26KB
- MD5
  
  aacade02d7aaf6b5eff26a0e3a11c42d
- SHA1
  
  93b8077b535b38fdb0b7c020d24ba280adbe80c3
- SHA256
  
  e71d517e6b7039437e3fc449d8ad12eeeca0d5c8ed1c500555344fd90ddc3207
- SHA512
  
  e02fcbcb70100f67e65903d8b1a7e6314cabfb0b14797bd6e1c92b7bcb3994a54133e35d16da0a29576145b2783221330591526f856b79a25c0575fc923985a6
- SSDEEP
  
  768:96S5yguNvZ5VQgx3SbwA71IkFD7RwL9il:9l5yguNvZ5VQgx3SbwA71IEVwL9il
Score

1^/10
behavioral4
- Target
  
  libcurl.dll
- Size
  
  522KB
- MD5
  
  e31f5136d91bad0fcbce053aac798a30
- SHA1
  
  ee785d2546aec4803bcae08cdebfd5d168c42337
- SHA256
  
  ee94e2201870536522047e6d7fe7b903a63cd2e13e20c8fffc86d0e95361e671
- SHA512
  
  a1543eb1d10d25efb44f9eaa0673c82bfac5173055d04c0f3be4792984635a7c774df57a8e289f840627754a4e595b855d299070d469e0f1e637c3f35274abe6
- SSDEEP
  
  12288:InAnSwPc/1BzyLmI2MB1MqcUfCKHU1XAfK6ae:I6Pc/1BOKtaeqcUaZXm
Score

1^/10
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discordratpersistenceratrootkitstealer

behavioral2

discordratpersistenceratrootkitspywarestealer

behavioral3

behavioral4

behavioral5

behavioral6