discordrat | 9c2b448db764a47f1379aeddd6e0d59ef0325e0dd8d046cff5bdbe8c5c603d00 | Triage

Sharing

General

Target

segz‮‮gpj.exe
Size

928KB
Sample

240811-tnabzswhnl
MD5

a30f489a124d3944db68ae2b8b86f44e
SHA1

0e1c7b0c81665bc6b7dd46ba35c3a2a4b1c9cffd
SHA256

9c2b448db764a47f1379aeddd6e0d59ef0325e0dd8d046cff5bdbe8c5c603d00
SHA512

9e7a548d48be22587ab111339f349af5823906a130d7767c9d5c22bca6f99a5f964922b8ae1812e9b0418b9bf70717ee2810bc69d5d6818adda6eef7eb14a15c
SSDEEP

24576:puDXTIGaPhEYzUzA0qhWWwZQ0TkRTuM8EAn40Q:MDjlabwz9hkRTMEk40Q

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI3MjIyMjI4MjUzNzg5NDAxMA.GNktU2.IT6BXomGu9aAgnt_KiuwO0plIJh1MHckpqtNV0
server_id
1272222756875800707

Targets

- Target
  
  segz‮‮gpj.exe
- Size
  
  928KB
- MD5
  
  a30f489a124d3944db68ae2b8b86f44e
- SHA1
  
  0e1c7b0c81665bc6b7dd46ba35c3a2a4b1c9cffd
- SHA256
  
  9c2b448db764a47f1379aeddd6e0d59ef0325e0dd8d046cff5bdbe8c5c603d00
- SHA512
  
  9e7a548d48be22587ab111339f349af5823906a130d7767c9d5c22bca6f99a5f964922b8ae1812e9b0418b9bf70717ee2810bc69d5d6818adda6eef7eb14a15c
- SSDEEP
  
  24576:puDXTIGaPhEYzUzA0qhWWwZQ0TkRTuM8EAn40Q:MDjlabwz9hkRTMEk40Q
Score

10^/10

discordrat persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discordratpersistenceratrootkitstealer

behavioral2

discordratpersistenceratrootkitstealer