discordrat | e69f87dbc38e0ec07e5c6f7952e43325a38e9197d9522092f3746c3dd9a21e43 | Triage

Sharing

General

Target

Steam.exe
Size

522KB
Sample

240725-jtqaaazdpa
MD5

8ebac9696933022b805e9ac4b384d1da
SHA1

a18168613e61a82d361902f25507ccd3d7387123
SHA256

e69f87dbc38e0ec07e5c6f7952e43325a38e9197d9522092f3746c3dd9a21e43
SHA512

a34e6fd7014574727adaf9c99e0d8504e9416ec7c97273e617318df58d5ee6c0b9d67f1d52888a5d9c5bd1c82146a80142a4d0be5f75ad5adf62c12254fa0747
SSDEEP

12288:ByveQB/fTHIGaPkKEYzURNA/bAg8T9ooF7qp9:BuDXTIGaPhEYzUzATqRoPp9

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTIzOTc1OTAwMDUyMjk4NTU2Mg.Gh30TZ.Kt1WtrwmuOFPcZGqK_yXxmaFsDK5TpEaOCP4mA
server_id
1239434854953648229

Targets

- Target
  
  Steam.exe
- Size
  
  522KB
- MD5
  
  8ebac9696933022b805e9ac4b384d1da
- SHA1
  
  a18168613e61a82d361902f25507ccd3d7387123
- SHA256
  
  e69f87dbc38e0ec07e5c6f7952e43325a38e9197d9522092f3746c3dd9a21e43
- SHA512
  
  a34e6fd7014574727adaf9c99e0d8504e9416ec7c97273e617318df58d5ee6c0b9d67f1d52888a5d9c5bd1c82146a80142a4d0be5f75ad5adf62c12254fa0747
- SSDEEP
  
  12288:ByveQB/fTHIGaPkKEYzURNA/bAg8T9ooF7qp9:BuDXTIGaPhEYzUzATqRoPp9
Score

10^/10

discordrat persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discordratpersistenceratrootkitstealer

behavioral2

discordratpersistenceratrootkitstealer