discordrat | aca13de69b970f10357414fc04b9d424e3ec91d46c48dcf23244309e6994de24 | Triage

Sharing

General

Target

HackerTool.exe
Size

78KB
Sample

240703-24y92s1bqn
MD5

700cbe7842075702ba7a814135377cba
SHA1

afc4dae81fdcd51e6cfba4df93b95473019db51d
SHA256

aca13de69b970f10357414fc04b9d424e3ec91d46c48dcf23244309e6994de24
SHA512

1a364f96ee78c3e83ec4a9e9a88d070a67fa55cbc4f3e2e5a99f2c4f5d933abee9f98f5537d56159a57771d82e78a19a1b14e1a52002d2420783cfafde59de11
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+LPIC:5Zv5PDwbjNrmAE+jIC

Score

10^/10

discordrat evasion persistence privilege_escalation rat rootkit spyware stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI1Nzk1NzI4ODU0MzUyMjk0OA.GIpluZ.fDKYKipS9PVq4yhIAizQmTyDwK5kQQ8ux_PrHQ
server_id
1257954812113190942

Targets

- Target
  
  HackerTool.exe
- Size
  
  78KB
- MD5
  
  700cbe7842075702ba7a814135377cba
- SHA1
  
  afc4dae81fdcd51e6cfba4df93b95473019db51d
- SHA256
  
  aca13de69b970f10357414fc04b9d424e3ec91d46c48dcf23244309e6994de24
- SHA512
  
  1a364f96ee78c3e83ec4a9e9a88d070a67fa55cbc4f3e2e5a99f2c4f5d933abee9f98f5537d56159a57771d82e78a19a1b14e1a52002d2420783cfafde59de11
- SSDEEP
  
  1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+LPIC:5Zv5PDwbjNrmAE+jIC
Score

10^/10

discordrat evasion persistence privilege_escalation rat rootkit spyware stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Downloads MZ/PE file
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discordratevasionpersistenceprivilege_escalationratrootkitspywarestealer