discordrat | hxxps://filetransfer[.]io/data-package/n0Wqebxu#link | Triage

Submit
Reports

Overview

overview

Static

static

1

URLScan

urlscan

1

https://filetransfer...

windows10-2004-x64

Resubmissions

07-10-2024 02:05

241007-ch6dsstbkd 10

07-10-2024 02:02

241007-cf75lstakd 10

Sharing

General

Target

https://filetransfer.io/data-package/n0Wqebxu#link
Sample

241007-ch6dsstbkd

Score

10^/10

discordrat defense_evasion discovery persistence privilege_escalation rat rootkit stealer

Static task

static1

URLScan task

urlscan1

Behavioral task

behavioral1

Sample

https://filetransfer.io/data-package/n0Wqebxu#link

Resource

win10v2004-20240802-en

discordrat defense_evasion discovery persistence privilege_escalation rat rootkit stealer

windows10-2004-x64

26 signatures

1800 seconds

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTIxMzU4NDcwMzAxNDA0MzczOA.G5gvU3.iXtPKXjmWkHoW5yr2PNn40t0ft_Fzq8gjWiFNI
server_id
1287154116333666328

Targets

- Target
  
  https://filetransfer.io/data-package/n0Wqebxu#link
Score

10^/10

discordrat defense_evasion discovery persistence privilege_escalation rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Indicator Removal: Clear Windows Event Logs
  Clear Windows Event Logs to hide the activity of an intrusion.
  defense_evasion
- Abuse Elevation Control Mechanism: Bypass User Account Control
  UAC Bypass Attempt via SilentCleanup Task.
  defense_evasion privilege_escalation
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Indicator Removal

Clear Windows Event Logs

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

urlscan1

behavioral1

discordratdefense_evasiondiscoverypersistenceprivilege_escalationratrootkitstealer

© 2018-2025

Terms | Privacy