discordrat | fe5babb459b6efece0241e14768c284fe3f0d99fe05261ab9a55c9446b348eed | Triage

Sharing

General

Target

DISCORD-HACKING-TOOL-main.zip
Size

12.1MB
Sample

240605-wqxw6sdg2x
MD5

4c8bfe1b14389809aa63b4b16cfaf0ce
SHA1

0e729407639c84fe83cb93a6c772aee4f9c29cbb
SHA256

fe5babb459b6efece0241e14768c284fe3f0d99fe05261ab9a55c9446b348eed
SHA512

6e96b9ffefa5812afba0ad26ebb2dbb60317257097f9cf6bebbb8b082d36848efd3108365fcc8e343244d9ab2a5d99d9b9784b9ef02fd911cfefeae45abf793f
SSDEEP

393216:jjlpUrNQa7Hlc0t4tp9CI6TjxYawtcQm3+3+4J:PnUhQ29u99MO

Score

10^/10

discordrat evasion execution

Malware Config

Targets

- Target
  
  Discord-RAT-2.0-2.0/Discord rat/Program.cs
- Size
  
  59KB
- MD5
  
  69f6cebd0a8015ff93a829a721a666e7
- SHA1
  
  4e2b8b138743549c9c66ac42cb3e6eada572ee83
- SHA256
  
  8c8b82e35d1f693443b0ef8c531831e3a596184e52534f296da2e13bea8e7e7a
- SHA512
  
  0974fe9bc6cbc4088e38a8791d323ff8563fb7f9349a63503f90332dbb209714c0a3759699ca0dc0170627783dec8ff4d30580a930cfaf1c6a06c16c3b237925
- SSDEEP
  
  384:ywr6dz4/80xvu6SudhKVyqx/uK49K69r2Q41idpBRly36/YvuUCnU+7B:9tddgZs9L9KQ4unEybU+7B
Score

3^/10

execution
behavioral1 behavioral2
- Target
  
  Discord-RAT-2.0-2.0/Discord rat/Resources/PasswordStealer.dll
- Size
  
  53KB
- MD5
  
  ad42d271e4b7d5c14c179c6cbe559bef
- SHA1
  
  3cf564330231eedce6458836b03e3c129c799b47
- SHA256
  
  ae8abf10e555cee9769abea0e2d3379b11bc6a817f75a0b6038d294fa3d6a136
- SHA512
  
  8f723c3f79c32bac1f823b5c01b535d439dd52c841d84a178634c897f630e53fe520b5e5c96061a5a84eed3878605b45322187f135784ab98906f8221c239310
- SSDEEP
  
  768:mG0+OqGLEJb+SFeagWNRJHMMNcA/nx554oq3U07WAx3ZsLaXLw:mMJ+SFNRtMxTZ3UXmU
Score

1^/10
behavioral3 behavioral4
- Target
  
  Discord-RAT-2.0-2.0/Discord rat/Resources/Token grabber.dll
- Size
  
  2.8MB
- MD5
  
  f64eadf97eacf0c639336617cf6af03b
- SHA1
  
  ba2a264ac0773a804ab15da18ded3bc556cc99ce
- SHA256
  
  a3ca8d72edaf4ffb84a38e88a31f9e537d7d7b76f7cc7966583c7b4b4a811c74
- SHA512
  
  e4de93107ec60ebdcd2bc6c4b5bddbc2d639d805bf8b7ad57881b04a5f5f5d0bb7cb24e4f3169801fee220b338494b82cd180c36e9dcd0cedda726a5c4621fd5
- SSDEEP
  
  49152:TsLJjhwr1Bp6ErdSl0WXK99EYKauI1HIknog:TKJjhm1BptqXK
Score

1^/10
behavioral5 behavioral6
- Target
  
  Discord-RAT-2.0-2.0/Discord rat/Resources/Webcam.dll
- Size
  
  39KB
- MD5
  
  a2febd7a91532a08fa5dca771ea7bd2c
- SHA1
  
  41f05c292f081f91364134a8897128027ee2f855
- SHA256
  
  965494b6b3574b5e7afd2cdfdaf42813a3034a37f5309daf5afee63401894da2
- SHA512
  
  5cd2b4580e3e2c02a6dfcf5419d2a47ae6666136dd1354e2929b4497239da9d404aa399dfe8a057b5b91cb59611bc2b5400862d9d5d66e34cfe1e23f8b00103a
- SSDEEP
  
  768:2snfEuPWvIgwQrfA4MKI3KBz7ZIR/5IOYTu4j2:hfEuPWvHhBM7aBxaBIOYTn2
Score

1^/10
behavioral7 behavioral8
- Target
  
  Discord-RAT-2.0-2.0/Discord rat/Resources/rootkit.dll
- Size
  
  223KB
- MD5
  
  d72fea64a05b3f7dce725352d7c1d032
- SHA1
  
  9c27e234567d237d9c495353567f2efa42e8f616
- SHA256
  
  8fdae5b4490183c9057a684f0ac2f82dd5c8911cb2f43a54ff47a9ad6e93952a
- SHA512
  
  56bb1c4d83587ecc5f8bb41882d449e1812cdf1db1fee4068f5ef1b49f28d3e0af95e14f306d494a6c6cd4771c052360a96388f59bfa409affb3b21790da00d3
- SSDEEP
  
  6144:wguKV5BwUnZqazMhD9RLJt88sndcP8pPyDvUGOks:kKLBwiZlzMB9xgndcP88DvvP
Score

10^/10

evasion
- Modifies security service
  evasion
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral10 behavioral9
- Target
  
  Discord-RAT-2.0-2.0/Discord rat/Resources/unrootkit.dll
- Size
  
  3.3MB
- MD5
  
  56561903fd1e9dedfe029dd8c9172e7c
- SHA1
  
  ca2fbcd301d4e1ddb3e7fd2b53099e12c06e48c6
- SHA256
  
  4350a69f2630214a7b079e41e3ac2d7c5759a622a0cd1227ba12eee06d758d9a
- SHA512
  
  e16345c92a1639b4ff712591c5f736618ca6b0f83399e5f2265c747fe6829065dfcf9a27486e562ea0766b61c6362611e726e8bf7e943aab4e738bade1d8590d
- SSDEEP
  
  49152:x8ImhHy69ztxaY5lyni2DBZKe8taaY5lSni2DBZWL:OZdyeJH6
Score

10^/10
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Suspicious use of SetThreadContext
behavioral11 behavioral12
- Target
  
  Discord-RAT-2.0-2.0/Discord rat/packages/dnlib.3.5.0/lib/net35/dnlib.dll
- Size
  
  1.1MB
- MD5
  
  c85801df1a4b5c3c99e0907ee758e678
- SHA1
  
  512b12ac64d1846ec9add9c15774fae59d2fafdf
- SHA256
  
  981af1856c0635540cdbbc1cf3725a47b753182f6f23717f8cca9c7da200d4b6
- SHA512
  
  697ab714d199a4a45055d2769a1eed2ad0abd51de50a5bc4ab8b6685a0277979f9333258e342b23062b01981c032e8fb7efa4ec1dd3c8e916d1acd32d786c376
- SSDEEP
  
  24576:lXsiTalLh9PfNf4JA7NxFoW5UNpYXB1kt5uIv7fntQ2:3itL5xywPktU
Score

1^/10
behavioral13 behavioral14
- Target
  
  Discord-RAT-2.0-2.0/Discord rat/packages/dnlib.3.5.0/lib/net45/dnlib.dll
- Size
  
  1.1MB
- MD5
  
  508ccde8bc7003696f32af7054ca3d97
- SHA1
  
  1f6a0303c5ae5dc95853ec92fd8b979683c3f356
- SHA256
  
  4758c7c39522e17bf93b3993ada4a1f7dd42bb63331bac0dcd729885e1ba062a
- SHA512
  
  92a59a2e1f6bf0ce512d21cf4148fe027b3a98ed6da46925169a4d0d9835a7a4b1374ba0be84e576d9a8d4e45cb9c2336e1f5bd1ea53e39f0d8553db264e746d
- SSDEEP
  
  24576:WHjoaczZfdE55hHl0WQ/OO4yb99MANKtv7f2dcME:tm/BQWgww
Score

1^/10
behavioral15 behavioral16
- Target
  
  Discord-RAT-2.0-2.0/Discord rat/packages/dnlib.3.5.0/lib/netstandard2.0/dnlib.dll
- Size
  
  1.1MB
- MD5
  
  0b803121812d241f8fc1b8e53e8e965b
- SHA1
  
  85d633ae0033747476885aa633ada8d02a2f9c1b
- SHA256
  
  ecf5d926a965b89f1427514ef03df543a48fd26464ca5d6eb27eb0a7e3d7aa5a
- SHA512
  
  01b075e4d475fd9d97dcd7ee47e7af007ad106f061b2019e5d5e846fce663507be1367beb4dd9513795184c755e7ef9b194693302db034fa1bcde2fd49a18d55
- SSDEEP
  
  24576:XPb43npCvPCZVidcW8xUA4X4i92FAAGinjv7f/dc4D:uVYkxSX43zFn
Score

1^/10
behavioral17 behavioral18
- Target
  
  Discord-RAT-2.0-2.0/Token grabber/grabber.cs
- Size
  
  6KB
- MD5
  
  e72008ce666a396d35bec73e9c62d348
- SHA1
  
  b8adadab920f2c308b2ba0f12365f41268de79ab
- SHA256
  
  a4c5aa9b959be5a82060f6bff2262ca2cf87a09256e0b3d6c5dca945d3ffa667
- SHA512
  
  6fe2be27a58bb120e7dad343643be7e4eff1d389810b3f748dc9e78c6ac5f96df164a60b23132c6e2dc9bfc2754416915666f90ff4d52abf542cbbc071fca0be
- SSDEEP
  
  192:ivbBt6rkYsPcB20E01A7xuuRPIz+i+y+qv+i+LP59w0MzSoCBL:ig00Y8uVIzL7PLqx
Score

3^/10

execution
behavioral19 behavioral20
- Target
  
  Discord-RAT-2.0-2.0/Token grabber/src/asn1/ASN1StreamParser.cs
- Size
  
  7KB
- MD5
  
  9fbd8abfbeb78b4cfe3e5e1a551dbbe6
- SHA1
  
  ac026018dd90e00c5ca8032e62582c29b2869124
- SHA256
  
  d796a8bb549ec9ea1b4a8aa47fcb9768fdeea0b4ae18853daa05c5a646f245a7
- SHA512
  
  bb83de33e9afd7bba04304611e6ada36aa77ccfcdca38f7d7ea20b4594c9084056dafd41b18588a83ced7996fbb1f3e98205e96690236576972a645ca9ad8400
- SSDEEP
  
  192:fTkUG60ZXW7cFGy6XlZ36e46AIxnN3GK9D:fTkUG9ZXW7cFGL1ZqvjIf9D
Score

3^/10

execution
behavioral21 behavioral22
- Target
  
  Discord-RAT-2.0-2.0/Token grabber/src/asn1/Asn1Encodable.cs
- Size
  
  1KB
- MD5
  
  739a0f92fddcb8660b56c48da3f5d3b1
- SHA1
  
  c4110a88207a029ddaabe2a17946edbcd7e56223
- SHA256
  
  4fb9701adb8c643801dc78f8c67392111fffb497db2f5a132546acd590aea7eb
- SHA512
  
  6277885847fc0e74b9d669bca89ff95e070418e1eb7016b254132bc2be52ae0ded2d07ff3a281e5c143b10b185335885bfae01a22943e3ee99bba6944822b95c
Score

3^/10

execution
behavioral23 behavioral24
- Target
  
  Discord-RAT-2.0-2.0/Token grabber/src/asn1/Asn1InputStream.cs
- Size
  
  16KB
- MD5
  
  d6b8f69c76d758ac6e7d2a4a1d39defb
- SHA1
  
  1a7be9e58bcb597d8604e6ae6aff6a1974b892c4
- SHA256
  
  e81810ec15b77657180cceac5873f5cb111703e9570e6077e4fe2f6b373f38f4
- SHA512
  
  fc156800804a35bc54c20fddf69e95a905018fdd8a90182e76d52124f64194c105b0e9d979f279807cde4d298af0f716d3d345bf79f814c0350d78c2306dc20f
- SSDEEP
  
  384:39uTo3Z30Gj08jS4QdYZU9RyoXZ5osG/SWVspu9MaMJa0xotss:398o3Z3D08jS4QdYZU9RyoXZ5osG/SW1
Score

3^/10

execution
behavioral25 behavioral26
- Target
  
  Discord-RAT-2.0-2.0/Token grabber/src/asn1/Asn1Null.cs
- Size
  
  2KB
- MD5
  
  5b2341a924c5c15c1dca56f017fd7cb7
- SHA1
  
  e41d67cfe01a6fdac47da483932a0115ba51e4c2
- SHA256
  
  5b866ccf4b99f4e8473d4e129258c823f0c1ae51ffaaa33e97e702967b9b5ee4
- SHA512
  
  5138d0b171259d1b65f6d2695ab7a25c00c657ecbcfe93d63ad757bcb8b6a32f8665f9ae82b6dbcd22a081bd5ffc9bb30f579c23cd539cd32965003418aa2a82
Score

3^/10

execution
behavioral27 behavioral28
- Target
  
  Discord-RAT-2.0-2.0/Token grabber/src/asn1/Asn1Object.cs
- Size
  
  2KB
- MD5
  
  d9d25f09ad07a712039b98e88dbafdf9
- SHA1
  
  4ef2c95e6e76f86597e05d359fb0a0381a194752
- SHA256
  
  571c4161e5422ce118b2504bc3ffd771e199e0eca680c682616510562ce132db
- SHA512
  
  9674215a235d435ee45b4d458e887da90412629f17f3b307c1a1e12f8471e125f392435f86685a09ff421ae3c2bd65106cc8b4b0f069a3b59e7ca46489196bc6
Score

3^/10

execution
behavioral29 behavioral30
- Target
  
  Discord-RAT-2.0-2.0/Token grabber/src/asn1/Asn1ObjectDescriptor.cs
- Size
  
  4KB
- MD5
  
  f6e8632b0a6cd03535cc6219180b54e7
- SHA1
  
  4969563384f3b5eaf7c610d4da60bbf45eac2690
- SHA256
  
  fb85a14e214812c980cabfc19ed7688e4d8195f126515f5ed583cf8df38e56c6
- SHA512
  
  bac7eb6458a6d58f8e996cf7c8c2516523074349beb7a8dbc7bf951a52f8e44d1382d1a520e211670daaf33cfc49a7f7e10e1f150353dc1733be46620f0017ea
- SSDEEP
  
  96:JjaNSlQUVv5AY1Vnl+iJHiomzgRcy73ieLJRiJL9ffeOfffY9ePlI9eL:MZ6v5AYrnl+ioomzgRL73ieLCJL1jSeL
Score

3^/10

execution
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

PowerShell

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32