discordrat | 7751eff004a2e39e4114762476fd1593128256bb9d953bed78d6bb049b8e5d77 | Triage

Sharing

General

Target

rpZJJ8Eb
Size

19KB
Sample

240616-v3lt1azgqd
MD5

3c41b9eb842d25a55c0c896ea6126f70
SHA1

00fbd7772b12c91ea970b3b02399278e818507b7
SHA256

7751eff004a2e39e4114762476fd1593128256bb9d953bed78d6bb049b8e5d77
SHA512

768dfff2fc78e2e8eabcdeace2e980c727fb539a9709ee1734da0f86c6fc77a7f824dd6619467c183be20b5bead98a30e6f776a6270dbc796f7b35cd32632403
SSDEEP

384:ZbFVFR+7V8+7kbBkEPg9VqL+fGZzsg2RrgoAOnC0JqsTSpF6:ZR3R8VB7kbB949U+UsTSpF6

Score

10^/10

discordrat persistence rat rootkit spyware stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI1MTg4MzU2MTkxNzg3NDI1Nw.GkWNk2.51TyK928OzXAWuMfCBw__cHbmMY6GwTTy3tGIg
server_id
1251222279690518670

Targets

- Target
  
  rpZJJ8Eb
- Size
  
  19KB
- MD5
  
  3c41b9eb842d25a55c0c896ea6126f70
- SHA1
  
  00fbd7772b12c91ea970b3b02399278e818507b7
- SHA256
  
  7751eff004a2e39e4114762476fd1593128256bb9d953bed78d6bb049b8e5d77
- SHA512
  
  768dfff2fc78e2e8eabcdeace2e980c727fb539a9709ee1734da0f86c6fc77a7f824dd6619467c183be20b5bead98a30e6f776a6270dbc796f7b35cd32632403
- SSDEEP
  
  384:ZbFVFR+7V8+7kbBkEPg9VqL+fGZzsg2RrgoAOnC0JqsTSpF6:ZR3R8VB7kbB949U+UsTSpF6
Score

10^/10

discordrat persistence rat rootkit spyware stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discordratpersistenceratrootkitspywarestealer