discordrat | 85ad2e6790b045addec97dd7ac9d54e3e3995a259c7485f071041708ce57aadf | Triage

Resubmissions

15-08-2024 00:20

240815-am97fatfrb 10

05-08-2024 23:15

240805-281cxavhph 10

05-08-2024 23:13

240805-27gjeavhmc 10

Sharing

General

Target

Cute cat pic.exe
Size

630KB
Sample

240805-27gjeavhmc
MD5

830d47eb4e4d55d2b878856445fae249
SHA1

4b80adef867d722fbff2bdede95f7043ebefd2da
SHA256

85ad2e6790b045addec97dd7ac9d54e3e3995a259c7485f071041708ce57aadf
SHA512

9196b47e92756584a70d930ae0f7a48f908cde8ba4762b578efd4545bf48b938c0685cbd372a19553f61f0559cadf5fac771a13d36d29fa2e98355bdb08e755b
SSDEEP

12288:YyveQB/fTHIGaPkKEYzURNAwbAg+fmJNax9Jn2x7n:YuDXTIGaPhEYzUzA0KIs92V

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI3MDE1MTU0NDQyNzM4NDk2Mw.GgJHGv.V9KbKHSvwp2eqesQyx1XSS-pmcnaA8qOU-5WRw
server_id
1270152842300100618

Targets

- Target
  
  Cute cat pic.exe
- Size
  
  630KB
- MD5
  
  830d47eb4e4d55d2b878856445fae249
- SHA1
  
  4b80adef867d722fbff2bdede95f7043ebefd2da
- SHA256
  
  85ad2e6790b045addec97dd7ac9d54e3e3995a259c7485f071041708ce57aadf
- SHA512
  
  9196b47e92756584a70d930ae0f7a48f908cde8ba4762b578efd4545bf48b938c0685cbd372a19553f61f0559cadf5fac771a13d36d29fa2e98355bdb08e755b
- SSDEEP
  
  12288:YyveQB/fTHIGaPkKEYzURNAwbAg+fmJNax9Jn2x7n:YuDXTIGaPhEYzUzA0KIs92V
Score

10^/10

discordrat persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discordratpersistenceratrootkitstealer

behavioral2

discordratpersistenceratrootkitstealer