discordrat | 9cf275aa00ea220c46208cb78644b875c9aedc05b8291594f815d3bafb37cf09 | Triage

Sharing

General

Target

amg.jpg.exe
Size

577KB
Sample

241014-vtlsmswfkb
MD5

aae034782a7817407e6f2539db1af529
SHA1

e8ef5aa3580f588af555df19bbc79da4fa3b6e3a
SHA256

9cf275aa00ea220c46208cb78644b875c9aedc05b8291594f815d3bafb37cf09
SHA512

6c8c776a0aaf6db95334d095776c03eef04508c61e7ad81094a0664b72b5c67fba695dd96c47db4fd030ee8fc7361408cff80a9f88f11ba1edbeb7270317e4aa
SSDEEP

12288:RyveQB/fTHIGaPkKEYzURNAwbAg8M2uaNZtfb/33zb9uHZjm:RuDXTIGaPhEYzUzA0qFZtzDJ4m

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI3Mzc4Nzg5NDkwMDk4MTc5MQ.GFavLP.EaJRoRwBcf74Z83FISIpZMktm2FL0XBkR_whPE
server_id
1273773393224663050

Targets

- Target
  
  amg.jpg.exe
- Size
  
  577KB
- MD5
  
  aae034782a7817407e6f2539db1af529
- SHA1
  
  e8ef5aa3580f588af555df19bbc79da4fa3b6e3a
- SHA256
  
  9cf275aa00ea220c46208cb78644b875c9aedc05b8291594f815d3bafb37cf09
- SHA512
  
  6c8c776a0aaf6db95334d095776c03eef04508c61e7ad81094a0664b72b5c67fba695dd96c47db4fd030ee8fc7361408cff80a9f88f11ba1edbeb7270317e4aa
- SSDEEP
  
  12288:RyveQB/fTHIGaPkKEYzURNAwbAg8M2uaNZtfb/33zb9uHZjm:RuDXTIGaPhEYzUzA0qFZtzDJ4m
Score

10^/10

discordrat persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discordratpersistenceratrootkitstealer

behavioral2

discordratpersistenceratrootkitstealer