discordrat | 37882f4164207e92923b63e30c96fa762833603f0967f65102be70b605c631f3 | Triage

Sharing

General

Target

for virutotal ni.zip
Size

45KB
Sample

241024-wv5gtazfql
MD5

1a2368d23f8d860cdfc3ba6bb18536fa
SHA1

cda69dd2f3e6ef00adf3dceb7f403c95030376a7
SHA256

37882f4164207e92923b63e30c96fa762833603f0967f65102be70b605c631f3
SHA512

c030a4c906ed7bb9ae40c0b12f1c000225986fcd79b68f3c4a51eddc9b16614e37dc055ccd113ab598ebd0c37069eba81d52a74d1a40b01dfdf7a02a54fc1499
SSDEEP

768:8g/qN7Df5msVdlrz4XqaKScBdmFITsH9y4FtYs74yRybclk1gz/b75yB4PGyEvkB:rqh5tVvrk6icBd6EsdyjskGrlggv9yBY

Score

10^/10

discordrat njrat farted discovery persistence rat rootkit stealer trojan

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI5OTA1NDUwMzg1Mjc3MzQ3OQ.Gam-5g.mMYt_UiACKf3lceb5vBDHE9GHZi685c16_84bo
server_id
1299046739898011668

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

farted

C2

127.0.0.1:5552

Mutex

Windows Update

Attributes

reg_key
Windows Update
splitter
|Hassan|

Targets

- Target
  
  for virutotal ni.zip
- Size
  
  45KB
- MD5
  
  1a2368d23f8d860cdfc3ba6bb18536fa
- SHA1
  
  cda69dd2f3e6ef00adf3dceb7f403c95030376a7
- SHA256
  
  37882f4164207e92923b63e30c96fa762833603f0967f65102be70b605c631f3
- SHA512
  
  c030a4c906ed7bb9ae40c0b12f1c000225986fcd79b68f3c4a51eddc9b16614e37dc055ccd113ab598ebd0c37069eba81d52a74d1a40b01dfdf7a02a54fc1499
- SSDEEP
  
  768:8g/qN7Df5msVdlrz4XqaKScBdmFITsH9y4FtYs74yRybclk1gz/b75yB4PGyEvkB:rqh5tVvrk6icBd6EsdyjskGrlggv9yBY
Score

10^/10

discordrat njrat farted discovery persistence rat rootkit stealer trojan
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

farteddiscordratnjrat

behavioral1

discordratnjratfarteddiscoverypersistenceratrootkitstealertrojan