discordrat | a61e602cb784d78f33f6d18bd66181b99978665a5097c139b2846b87e1c4a063 | Triage

Sharing

General

Target

New folder.zip
Size

45KB
Sample

241024-w1gyps1aqh
MD5

b34610d72838dde5c44bd6997a48c903
SHA1

e46153efe2a2bcafd9fa03be46ca67fe6ad20b8d
SHA256

a61e602cb784d78f33f6d18bd66181b99978665a5097c139b2846b87e1c4a063
SHA512

d4ee7a8bfddbe9c948955c64912f5588ba07abb7fac4da5c9b1267397e961a8aafec0e91044de25be7b77fe2f299b71969866fc3b842535553c6954a84f5da4f
SSDEEP

768:Yg/qN7Df5msVdlrz4XqaKScBdmFITsH9y4FtYs74yRybclk1gGdxR4PipLqHZu3+:Hqh5tVvrk6icBd6EsdyjskGrlggGdxrs

Score

10^/10

discordrat njrat farted discovery persistence rat rootkit stealer trojan

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI5OTA1NDUwMzg1Mjc3MzQ3OQ.Gam-5g.mMYt_UiACKf3lceb5vBDHE9GHZi685c16_84bo
server_id
1299046739898011668

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

farted

C2

5.tcp.eu.ngrok.io:13824

Mutex

Windows Update

Attributes

reg_key
Windows Update
splitter
|Hassan|

Targets

- Target
  
  New folder.zip
- Size
  
  45KB
- MD5
  
  b34610d72838dde5c44bd6997a48c903
- SHA1
  
  e46153efe2a2bcafd9fa03be46ca67fe6ad20b8d
- SHA256
  
  a61e602cb784d78f33f6d18bd66181b99978665a5097c139b2846b87e1c4a063
- SHA512
  
  d4ee7a8bfddbe9c948955c64912f5588ba07abb7fac4da5c9b1267397e961a8aafec0e91044de25be7b77fe2f299b71969866fc3b842535553c6954a84f5da4f
- SSDEEP
  
  768:Yg/qN7Df5msVdlrz4XqaKScBdmFITsH9y4FtYs74yRybclk1gGdxR4PipLqHZu3+:Hqh5tVvrk6icBd6EsdyjskGrlggGdxrs
Score

10^/10

discordrat njrat farted discovery persistence rat rootkit stealer trojan
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

farteddiscordratnjrat

behavioral1

discordratnjratfarteddiscoverypersistenceratrootkitstealertrojan