discordrat | c37a22c31c74ab86ca27a6cc482bc8ab3e38d9865f1875981471ab11698538dd | Triage

Submit
Reports

Overview

overview

Static

static

3

Desktop.exe

windows7-x64

Desktop.exe

windows10-2004-x64

Sharing

General

Target

Desktop.exe
Size

8.7MB
Sample

240606-eyk4xahe28
MD5

757bcc0d9818642cf387eec015937f87
SHA1

41306ea2814b6722388c0afcae14634b3f60fa80
SHA256

c37a22c31c74ab86ca27a6cc482bc8ab3e38d9865f1875981471ab11698538dd
SHA512

ba25a5859a1291cc3299aa9ea1eddcabef2ffd13ac24a3890a7a4d186c19511cf42b4a9e7d54ddaa463fc7a05a3317df63e67b73831c5bcce803d87bae6f2543
SSDEEP

196608:Aqw6LrkVIEwGgq6TPcYvdAUNseMuakMlSatoZhz+JmpoX6:RAJ6TPHvbf53at0hSm2X6

Score

10^/10

discordrat execution persistence rat rootkit stealer upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Desktop.exe

Resource

win7-20240419-en

discordrat persistence rat rootkit stealer upx

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

Desktop.exe

Resource

win10v2004-20240508-en

discordrat execution persistence rat rootkit stealer upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI0NjcxMzUzNDUxNjAzNTY2NA.Gxl_pA.KE9MjXSVDtnUBHfXBt-PJLOkYAdTCbZUddEf-Q
server_id
1248003561623781476

Targets

- Target
  
  Desktop.exe
- Size
  
  8.7MB
- MD5
  
  757bcc0d9818642cf387eec015937f87
- SHA1
  
  41306ea2814b6722388c0afcae14634b3f60fa80
- SHA256
  
  c37a22c31c74ab86ca27a6cc482bc8ab3e38d9865f1875981471ab11698538dd
- SHA512
  
  ba25a5859a1291cc3299aa9ea1eddcabef2ffd13ac24a3890a7a4d186c19511cf42b4a9e7d54ddaa463fc7a05a3317df63e67b73831c5bcce803d87bae6f2543
- SSDEEP
  
  196608:Aqw6LrkVIEwGgq6TPcYvdAUNseMuakMlSatoZhz+JmpoX6:RAJ6TPHvbf53at0hSm2X6
Score

10^/10

discordrat persistence rat rootkit stealer upx execution
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

System Information Discovery

Process Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

discordratpersistenceratrootkitstealerupx

behavioral2

discordratexecutionpersistenceratrootkitstealerupx

© 2018-2024

Terms | Privacy