blankgrabber | 2f61631dd0ba599bb8c49d131667acdb9b5732ccacc36f1e2daa430d676a493c

General

Target

1.exe
Size

7.7MB
Sample

240929-1fg57a1gpr
MD5

aae615342536753130bd1d5e8237e9fb
SHA1

7d2daea635dff89972006b162be6dd2be1f18b71
SHA256

2f61631dd0ba599bb8c49d131667acdb9b5732ccacc36f1e2daa430d676a493c
SHA512

385f1ae3616dd3074d7beb930269b134a07f1b4593b84edd993dd7f7ad7a30ef54630a87bc3db872ed431e473fe8b37587d439742d747a51e1900d7828f34099
SSDEEP

196608:je0YCAeNTfm/pf+xk4dfrl7RptrbWOjgrG:Asy/pWu4NpRptrbvMrG

Score

10^/10

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI4OTU5MTU3OTc0NDY2NTYwMQ.G59gK6.pTTAFMCAOLdVTFHpDhN9HLghhBJ8ROJ9r3Sw6Q
server_id
1289604307905413142

Targets

- Target
  
  1.exe
- Size
  
  7.7MB
- MD5
  
  aae615342536753130bd1d5e8237e9fb
- SHA1
  
  7d2daea635dff89972006b162be6dd2be1f18b71
- SHA256
  
  2f61631dd0ba599bb8c49d131667acdb9b5732ccacc36f1e2daa430d676a493c
- SHA512
  
  385f1ae3616dd3074d7beb930269b134a07f1b4593b84edd993dd7f7ad7a30ef54630a87bc3db872ed431e473fe8b37587d439742d747a51e1900d7828f34099
- SSDEEP
  
  196608:je0YCAeNTfm/pf+xk4dfrl7RptrbWOjgrG:Asy/pWu4NpRptrbvMrG
Score

10^/10

upx discordrat discovery execution persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

PowerShell

1

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

1

T1057

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Discord RAT

Command and Scripting Interpreter: PowerShell

Executes dropped EXE

Loads dropped DLL

Looks up external IP address via web service

Enumerates processes with tasklist

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2