discordrat | 7579c4ce51e780841d1a2dd2c83e3dde93441a84a488316dbd19d1e3a0cf03c4 | Triage

Sharing

General

Target

ggsploit.zip
Size

309KB
Sample

241006-kcbw1awdml
MD5

37370dccbd95f63e49593a17cb3929aa
SHA1

1a4d8f94634753440fb570eb20e259f57cbb7308
SHA256

7579c4ce51e780841d1a2dd2c83e3dde93441a84a488316dbd19d1e3a0cf03c4
SHA512

6e7b231237a70f6c57e4135b2be32432c83ac74b1de5de77c2b85f806c0060889a99b9cda8cd32c374a02a092ea77af143feed21614644eea8548c4ac817f01c
SSDEEP

6144:gIw5OkChoEFViKBpHL2tJMDBvOSuC+ULfkZ4bbrOK2sVW5KquT2ofj:gXs4GprSGVuChL8c/OK2sVW5vU

Score

10^/10

discordrat remcos ggsploit v1.2.2 discovery persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI5MDc3NzUxNTM1NDIyNjY5OQ.GRewL1.rZmEWtyFw1xziPUaWh2BVUvRwh05H7FaxQvvbM
server_id
1290772191046139915

Extracted

Family

remcos

Version

5.1.3 Light

Botnet

ggsploit V1.2.2

C2

127.0.0.1:4444

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-IY8ZNV
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  ggsploit V1.2.4.exe
- Size
  
  78KB
- MD5
  
  63f4d849f06b2d5299132c7a49d9951d
- SHA1
  
  39d400642e22b0b13044a92c52895d879b7130d1
- SHA256
  
  ce1fcacce7353155439f4064d90b2c6996be833666a6fc8cb58fcc9874aaa204
- SHA512
  
  63f2ac4eda24973c3a003d30c93debe132be8f357fb1089f5169bd4ef54a0bef7c1794be8f83f4c60f0eb34df797c909f05e692987bd4c7682270d558f69375e
- SSDEEP
  
  1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+LPIC:5Zv5PDwbjNrmAE+jIC
Score

10^/10

discordrat persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
behavioral1 behavioral2
- Target
  
  unins000.exe
- Size
  
  430KB
- MD5
  
  f07c34de89f91cdf9379f051a1135c7c
- SHA1
  
  a161b99283640266188c3b66b864555d0f91a5f3
- SHA256
  
  69a5b8d0c2b1f72db5f4afdb29926b1d919225f46c2b6f3022a556ac136c3a6e
- SHA512
  
  ab83d283974c59ac2c3aced51a536f41b253b62272a11bb1782f3a47beda800f1230b8d376d8366d72db75cb37482cf9aef6a4fa7e4acd18fe445f4e1cfc9064
- SSDEEP
  
  6144:svRscHtVzjwIRFzJZ2p26+jFWXYnj9iT2ebvXmUcCqkmAO2rjXH7ycDt3:svRs4OIm2hWX4U2ebvRUAr7773
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

ggsploit v1.2.2discordratremcos

behavioral1

discordratpersistenceratrootkitstealer

behavioral2

discordratpersistenceratrootkitstealer

behavioral3

behavioral4