discordrat | c360484506d3e4f40c274f12edfcf2ceafd8c6e98f806218d24f1262bf29586f | Triage

Submit
Reports

Overview

overview

Static

static

3

Kgcheat.exe

windows10-2004-x64

Resubmissions

29-10-2024 20:57

241029-zrvd8aymat 10

29-10-2024 20:55

241029-zqlexszejm 7

Sharing

General

Target

Kgcheat.rar
Size

727KB
Sample

241029-zrvd8aymat
MD5

158735fce7e36bc88c82c2f4af1e3d27
SHA1

026bebda1e7bde083498921e08f6d37cca41e763
SHA256

c360484506d3e4f40c274f12edfcf2ceafd8c6e98f806218d24f1262bf29586f
SHA512

c7895b0fdad01d8bec2ee0be965c0b94262f255b38393de950c8f8b509924c34b63d8a1d0ad325b0ad67c00ae69eda0d72df52f9061f4d4a348a804d316c93a0
SSDEEP

12288:zxYV4f2I4LJdqK8cVv0wQY7cHBLiYxh8wTgnXLQyW1XsvnUwHW0Jqefgh7MaTHM/:z+04+2VvT3lhTnXBgXsHW21fO3HM/

Score

10^/10

discordrat discovery persistence rat rootkit spyware stealer upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Kgcheat.exe

Resource

win10v2004-20241007-en

discordrat discovery persistence rat rootkit spyware stealer upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI5ODgxODUyMzk0NjI4NzEyNA.GpyuQB.QlHqnz-dbIht50cFUATJeGkye7tbkFnlRsHYAE
server_id
1298864586409250888

Targets

- Target
  
  Kgcheat.exe
- Size
  
  1.1MB
- MD5
  
  cfeee3c91e88223cdf73628e32aa0ac7
- SHA1
  
  9aed5554df0198884824667b24f88f65a114c49b
- SHA256
  
  d6677579355c01a07792d6ed3678b6e7711111e326f6147a3b447634b5cec5f4
- SHA512
  
  60be26bafec0aa86c1487fa26210ec2328f86634a5a7037be47090b68a016c50a57130ebdd9a05b1a32465b49be99cdc60cb375080d51bccc4f7478be875d22c
- SSDEEP
  
  24576:AuDXTIGaPhEYzUzA0YT9mf+g8Gd4HXdTbX5U2ZFskFzZ+0:vDjlabwz9YTkwGd43BX5U2Ykvx
Score

10^/10

discordrat discovery persistence rat rootkit spyware stealer upx
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Discordrat family
  discordrat
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discordratdiscoverypersistenceratrootkitspywarestealerupx

© 2018-2024

Terms | Privacy