discordrat | a6fb6e92dd59821ace2d2d656fcef7d2626549d08d7a9e52128c26ecb0540fce | Triage

Submit
Reports

Overview

overview

Static

static

3

MONSTERspoofer.exe

windows10-2004-x64

MONSTERspoofer.exe

windows11-21h2-x64

Resubmissions

04-10-2024 13:00

241004-p8pvysvfrr 10

01-10-2024 02:20

241001-cswx4swcqk 10

Sharing

General

Target

MONSTERspoofer.exe
Size

1.2MB
Sample

241004-p8pvysvfrr
MD5

c3a422c8bfcfeb9652be8a313f5282a1
SHA1

67a4ed15aef79cad2fc20a89712bb21c241c7b56
SHA256

a6fb6e92dd59821ace2d2d656fcef7d2626549d08d7a9e52128c26ecb0540fce
SHA512

61a2d5ba690a2641bca6e62726096a38f5d32b7403d7afa0a9d213208eaf3b0c51328f5c34452894db388eafebc80ae3c7ac4ba82e55553db29388c9b8c596d6
SSDEEP

24576:iuDXTIGaPhEYzUzA0qQlsYB/CONxCOZRUvXUaUfWd2ucScKDxP+Ua8:lDjlabwz9DVBKONtRUv85yx73

Score

10^/10

discordrat discovery persistence rat rootkit stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

MONSTERspoofer.exe

Resource

win10v2004-20240802-en

discordrat discovery persistence rat rootkit stealer

windows10-2004-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

MONSTERspoofer.exe

Resource

win11-20240802-en

discordrat discovery persistence rat rootkit stealer

windows11-21h2-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI5MDQwNTk0MjMwNjc5OTY0OA.GPNnkH.G8_UXZHPr4SDr15gYrkcD-QvN2Vo_UWuinxjDQ
server_id
1290406547163316309

Targets

- Target
  
  MONSTERspoofer.exe
- Size
  
  1.2MB
- MD5
  
  c3a422c8bfcfeb9652be8a313f5282a1
- SHA1
  
  67a4ed15aef79cad2fc20a89712bb21c241c7b56
- SHA256
  
  a6fb6e92dd59821ace2d2d656fcef7d2626549d08d7a9e52128c26ecb0540fce
- SHA512
  
  61a2d5ba690a2641bca6e62726096a38f5d32b7403d7afa0a9d213208eaf3b0c51328f5c34452894db388eafebc80ae3c7ac4ba82e55553db29388c9b8c596d6
- SSDEEP
  
  24576:iuDXTIGaPhEYzUzA0qQlsYB/CONxCOZRUvXUaUfWd2ucScKDxP+Ua8:lDjlabwz9DVBKONtRUv85yx73
Score

10^/10

discordrat discovery persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discordratdiscoverypersistenceratrootkitstealer

behavioral2

discordratdiscoverypersistenceratrootkitstealer

© 2018-2025

Terms | Privacy