discordrat | 689481c56c91f86cf9e6d034cb714e3c92723af3035c00c3c339fcb384258e55 | Triage

Submit
Reports

Overview

overview

Static

static

GTA5-FINAL...SE.exe

windows11-21h2-x64

Resubmissions

Sharing

General

Target

GTA5-FINAL-RELEASE.exe
Size

78KB
Sample

240603-w9akzseg7y
MD5

7ca4d82e1aa342c82da6007947163259
SHA1

7875f56bcbb94747c85a54f8bdd465d866e01965
SHA256

689481c56c91f86cf9e6d034cb714e3c92723af3035c00c3c339fcb384258e55
SHA512

1685a6a2169d1ff6daec4de8c4d48d6035048e2604ff28b4aef6de168785d28c60793d417b9d29bb5e81831c595871f9cdee1aed1eec5f1cbb4dd8f5f746b633
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+APIC:5Zv5PDwbjNrmAE+kIC

Score

10^/10

discordrat evasion persistence rat rootkit stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

GTA5-FINAL-RELEASE.exe

Resource

win11-20240508-en

discordrat evasion persistence rat rootkit stealer

windows11-21h2-x64

22 signatures

150 seconds

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI0Njg5OTQxNDg5NTk1MTk4Mw.Gcxhsz.QV1m4KTtP0M77UZ2GaIPNr05TtimA7gY4NjqcQ
server_id
1246899988789989576

Targets

- Target
  
  GTA5-FINAL-RELEASE.exe
- Size
  
  78KB
- MD5
  
  7ca4d82e1aa342c82da6007947163259
- SHA1
  
  7875f56bcbb94747c85a54f8bdd465d866e01965
- SHA256
  
  689481c56c91f86cf9e6d034cb714e3c92723af3035c00c3c339fcb384258e55
- SHA512
  
  1685a6a2169d1ff6daec4de8c4d48d6035048e2604ff28b4aef6de168785d28c60793d417b9d29bb5e81831c595871f9cdee1aed1eec5f1cbb4dd8f5f746b633
- SSDEEP
  
  1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+APIC:5Zv5PDwbjNrmAE+kIC
Score

10^/10

discordrat evasion persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Disables Task Manager via registry modification
  evasion
- Modifies Windows Firewall
  evasion
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

discordratevasionpersistenceratrootkitstealer

© 2018-2024

Terms | Privacy