discordrat | 144ce56abbd5e2377f3c3218763cb2f27cb334515838be32ca0514995fd5f706 | Triage

Submit
Reports

Overview

overview

Static

static

1

Custom Theme.msi

windows7-x64

6

Custom Theme.msi

windows10-2004-x64

Sharing

General

Target

Custom Theme.rar
Size

561KB
Sample

240705-tfwv1s1dpr
MD5

b4105bbe8c0855e7062f231a5ebab3b7
SHA1

d815e28ec0e12df5903724f5c9114bc7943b2948
SHA256

144ce56abbd5e2377f3c3218763cb2f27cb334515838be32ca0514995fd5f706
SHA512

a91ceeb7d691f707c9fba9ac15f0269ed6b6f3da214beb5d7a66985ec5b37d1ca990a27c65d3f44260a96b5c2c2928f4528e6a9296e3849c43722bae390b1230
SSDEEP

12288:GocfWSz7pFZXUTnCEinBRTzToxqJTtdzbl5m4FMBqrs:GVFz7ZX4dCOxqJhdz64FBA

Score

10^/10

discordrat persistence rat rootkit spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Custom Theme.msi

Resource

win7-20240704-en

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

Custom Theme.msi

Resource

win10v2004-20240704-en

discordrat persistence rat rootkit spyware stealer

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI1ODA5NjQzNzA2MjAwOTA2NQ.GhJzhd.kk9R2GDudIgunSijVjaWQD6sIwY3-Lvdx3K_jA
server_id
1258096259378577508

Targets

- Target
  
  Custom Theme.msi
- Size
  
  1.9MB
- MD5
  
  3a6d228f64408b62459124daf05bb83f
- SHA1
  
  a0c43230ae4eb0611052b78053214a5e8898a9a4
- SHA256
  
  90673e8a84408b0bf7c029cf6b3c1394a52bb32f318770a0328d7904256e7643
- SHA512
  
  1cfc629d234cb97a40c154a3beeef2f822bbf86c6d90c8df026cf249afd6b7b062ce7a0f6f1b8e787a3972848b42b5320c1ed7ff99c91e00c1d494d412c52c13
- SSDEEP
  
  24576:IxoNa2uPYAGxUherZNh0lhSMXlrI5s2JK5kmwy0CfKAe7:9GP5Ferq7I5RJK5k1jCfKAe7
Score

10^/10

discordrat persistence rat rootkit spyware stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Downloads MZ/PE file
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

discordratpersistenceratrootkitspywarestealer

© 2018-2024

Terms | Privacy