discordrat | 9cf275aa00ea220c46208cb78644b875c9aedc05b8291594f815d3bafb37cf09 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

amg.jpg.exe

windows7-x64

amg.jpg.exe

windows10-2004-x64

Sharing

General

Target

amg.jpg.exe
Size

577KB
Sample

241014-vtlsmswfkb
MD5

aae034782a7817407e6f2539db1af529
SHA1

e8ef5aa3580f588af555df19bbc79da4fa3b6e3a
SHA256

9cf275aa00ea220c46208cb78644b875c9aedc05b8291594f815d3bafb37cf09
SHA512

6c8c776a0aaf6db95334d095776c03eef04508c61e7ad81094a0664b72b5c67fba695dd96c47db4fd030ee8fc7361408cff80a9f88f11ba1edbeb7270317e4aa
SSDEEP

12288:RyveQB/fTHIGaPkKEYzURNAwbAg8M2uaNZtfb/33zb9uHZjm:RuDXTIGaPhEYzUzA0qFZtzDJ4m

Score

10^/10

discordrat persistence rat rootkit stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

amg.jpg.exe

Resource

win7-20241010-en

discordrat persistence rat rootkit stealer

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

amg.jpg.exe

Resource

win10v2004-20241007-en

discordrat persistence rat rootkit stealer

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI3Mzc4Nzg5NDkwMDk4MTc5MQ.GFavLP.EaJRoRwBcf74Z83FISIpZMktm2FL0XBkR_whPE
server_id
1273773393224663050

Targets

- Target
  
  amg.jpg.exe
- Size
  
  577KB
- MD5
  
  aae034782a7817407e6f2539db1af529
- SHA1
  
  e8ef5aa3580f588af555df19bbc79da4fa3b6e3a
- SHA256
  
  9cf275aa00ea220c46208cb78644b875c9aedc05b8291594f815d3bafb37cf09
- SHA512
  
  6c8c776a0aaf6db95334d095776c03eef04508c61e7ad81094a0664b72b5c67fba695dd96c47db4fd030ee8fc7361408cff80a9f88f11ba1edbeb7270317e4aa
- SSDEEP
  
  12288:RyveQB/fTHIGaPkKEYzURNAwbAg8M2uaNZtfb/33zb9uHZjm:RuDXTIGaPhEYzUzA0qFZtzDJ4m
Score

10^/10

discordrat persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discordratpersistenceratrootkitstealer

behavioral2

discordratpersistenceratrootkitstealer

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.