discordrat | 4a3039faf0def4395541ea3a4a2affd88b645c5385f5a9025cd28239e613b94e | Triage

Sharing

General

Target

hitler.exe
Size

469KB
Sample

241016-ge9n9szcrn
MD5

aee98171c7978c9a97365da541479d77
SHA1

cd2d1d42009d77a20e840494b79780bf0b4bbc2d
SHA256

4a3039faf0def4395541ea3a4a2affd88b645c5385f5a9025cd28239e613b94e
SHA512

adb761414b62ffdf516d3cd781e64e2dc449ad7bed5a51f2b63301f4db6e3c2678662dcc487e63e0a9b196d6f83e03b11069c730ee187631da550c46aa24902d
SSDEEP

12288:LyveQB/fTHIGaPkKEYzURNAwbAg84inMJ6P:LuDXTIGaPhEYzUzA0qdncG

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI5NTA4OTg3NTc5NTcwOTk2Mg.GnVjZo.5Vtl7OnWQwzVH8U1m6Q1yEtqw02OdG5o5V8N9o
server_id
1295089763929297080

Targets

- Target
  
  hitler.exe
- Size
  
  469KB
- MD5
  
  aee98171c7978c9a97365da541479d77
- SHA1
  
  cd2d1d42009d77a20e840494b79780bf0b4bbc2d
- SHA256
  
  4a3039faf0def4395541ea3a4a2affd88b645c5385f5a9025cd28239e613b94e
- SHA512
  
  adb761414b62ffdf516d3cd781e64e2dc449ad7bed5a51f2b63301f4db6e3c2678662dcc487e63e0a9b196d6f83e03b11069c730ee187631da550c46aa24902d
- SSDEEP
  
  12288:LyveQB/fTHIGaPkKEYzURNAwbAg84inMJ6P:LuDXTIGaPhEYzUzA0qdncG
Score

10^/10

discordrat persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discordratpersistenceratrootkitstealer

behavioral2

discordratpersistenceratrootkitstealer