discordrat | 134bc640e8cc14d6c30f91407a8c812a63319072343bbf8a6bc2aaf3a902d44b | Triage

Sharing

General

Target

Wave.exe
Size

505KB
Sample

240623-fjffjs1ajb
MD5

634012a39686513995ecbbaf04235a0a
SHA1

6204df4370ed114bde2caac305f96b1954e68504
SHA256

134bc640e8cc14d6c30f91407a8c812a63319072343bbf8a6bc2aaf3a902d44b
SHA512

b8881eb85dc001d4c256a60dbc141592f89ffded8f90d2240c80d6af6468a34e1ac52e288170c0296cf1afe735e7ef7da6a4738adcfc253fded53c7c56ebe002
SSDEEP

12288:TyveQB/fTHIGaPkKEYzURNAwbAg8ox4CA9ndmc:TuDXTIGaPhEYzUzA0qV9nkc

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI1NDI4MDkwNjYzODc1Mzg2Mw.GB5zNE.lgu4CSBwMUVxaeb6e0u9sFYW6gLtr8IglmywhI
server_id
1189676766084735048

Targets

- Target
  
  Wave.exe
- Size
  
  505KB
- MD5
  
  634012a39686513995ecbbaf04235a0a
- SHA1
  
  6204df4370ed114bde2caac305f96b1954e68504
- SHA256
  
  134bc640e8cc14d6c30f91407a8c812a63319072343bbf8a6bc2aaf3a902d44b
- SHA512
  
  b8881eb85dc001d4c256a60dbc141592f89ffded8f90d2240c80d6af6468a34e1ac52e288170c0296cf1afe735e7ef7da6a4738adcfc253fded53c7c56ebe002
- SSDEEP
  
  12288:TyveQB/fTHIGaPkKEYzURNAwbAg8ox4CA9ndmc:TuDXTIGaPhEYzUzA0qV9nkc
Score

10^/10

discordrat persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

discordratpersistenceratrootkitstealer

behavioral2

discordratpersistenceratrootkitstealer