discordrat | 02e896adebf162d071bf730e2c5eed52e207efe3d7eeafc094acc5b2cb763b52 | Triage

Sharing

General

Target

Tulpical_V3 lock.exe
Size

736KB
Sample

240614-xvzf8swfqr
MD5

adb97c2b434b39f7aec3240097430b8a
SHA1

33575f816b3e281aa327e2f07f673bd1fab25a81
SHA256

02e896adebf162d071bf730e2c5eed52e207efe3d7eeafc094acc5b2cb763b52
SHA512

cf85986f9527730964d92af0cc556bbbc4ad6eadca43af7427daf4addace189e9b12bebf146226df74c1882c864991b9a859decf6a1fd6d8b78bbfdd7e83ba66
SSDEEP

12288:aCQjgAtAHM+vetZxF5EWry8AJGy0kWyOV5b+mkSAgjxbH93kZ:a5ZWs+OZVEWry8AFi9Vx+mkSTRH93C

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTIxMTA5OTM2NzcyMTc5NTYzNA.GqkwcX.UOjwiFdGIpv_jY2sOCDo02zExIyfhOxTIiOv6c
server_id
1251241660453752944

Targets

- Target
  
  Tulpical_V3 lock.exe
- Size
  
  736KB
- MD5
  
  adb97c2b434b39f7aec3240097430b8a
- SHA1
  
  33575f816b3e281aa327e2f07f673bd1fab25a81
- SHA256
  
  02e896adebf162d071bf730e2c5eed52e207efe3d7eeafc094acc5b2cb763b52
- SHA512
  
  cf85986f9527730964d92af0cc556bbbc4ad6eadca43af7427daf4addace189e9b12bebf146226df74c1882c864991b9a859decf6a1fd6d8b78bbfdd7e83ba66
- SSDEEP
  
  12288:aCQjgAtAHM+vetZxF5EWry8AJGy0kWyOV5b+mkSAgjxbH93kZ:a5ZWs+OZVEWry8AFi9Vx+mkSTRH93C
Score

10^/10

discordrat persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discordratpersistenceratrootkitstealer

behavioral2

discordratpersistenceratrootkitstealer