discordrat | 82732970819d94679571bd75e125145f248f53da7b9a1610c2c8e15723e9a568 | Triage

Submit
Reports

Overview

overview

Static

static

Client-built.exe

windows11-21h2-x64

Resubmissions

14-10-2024 13:35

241014-qv4bvssbpr 10

Sharing

General

Target

Client-built.exe
Size

78KB
Sample

241014-qv4bvssbpr
MD5

1d314f1fc8fae5c78a202bec555064bf
SHA1

c8b4c16f29bdc357052a1e35b5129c788de30f15
SHA256

82732970819d94679571bd75e125145f248f53da7b9a1610c2c8e15723e9a568
SHA512

0484e39eafdcc0a9f7783f9f19286c6410281826cc067e5bfd8940033d29e69c1e0ab5b1b6f8ce432ffa516e4a6ce8bc00ad06854c52d7102b1363ee546fcc6a
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+xPIC:5Zv5PDwbjNrmAE+hIC

Score

10^/10

discordrat defense_evasion discovery persistence privilege_escalation ransomware rat rootkit stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Client-built.exe

Resource

win11-20241007-it

discordrat defense_evasion discovery persistence privilege_escalation ransomware rat rootkit stealer

windows11-21h2-x64

27 signatures

1800 seconds

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI5NTMzNzg4MDY3MTA5Mjc0Nw.GtMwkk.5Wt5mYxAlm7wuZHi-xyeGjfs8FGFRwJHrIkZ6I
server_id
1295337779596759112

Targets

- Target
  
  Client-built.exe
- Size
  
  78KB
- MD5
  
  1d314f1fc8fae5c78a202bec555064bf
- SHA1
  
  c8b4c16f29bdc357052a1e35b5129c788de30f15
- SHA256
  
  82732970819d94679571bd75e125145f248f53da7b9a1610c2c8e15723e9a568
- SHA512
  
  0484e39eafdcc0a9f7783f9f19286c6410281826cc067e5bfd8940033d29e69c1e0ab5b1b6f8ce432ffa516e4a6ce8bc00ad06854c52d7102b1363ee546fcc6a
- SSDEEP
  
  1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+xPIC:5Zv5PDwbjNrmAE+hIC
Score

10^/10

discordrat defense_evasion discovery persistence privilege_escalation ransomware rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Indicator Removal: Clear Windows Event Logs
  Clear Windows Event Logs to hide the activity of an intrusion.
  defense_evasion
- Abuse Elevation Control Mechanism: Bypass User Account Control
  UAC Bypass Attempt via SilentCleanup Task.
  defense_evasion privilege_escalation
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Sets desktop wallpaper using registry
  ransomware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Indicator Removal

Clear Windows Event Logs

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

discordratdefense_evasiondiscoverypersistenceprivilege_escalationransomwareratrootkitstealer

© 2018-2024

Terms | Privacy