discordrat | 34bd1f86f1c5c37a2200160019e828a16b1d2efa333099814a6c51c075bfd349 | Triage

Submit
Reports

Overview

overview

Static

static

3

vison.exe

windows10-ltsc 2021-x64

Sharing

General

Target

vison.exe
Size

708KB
Sample

241111-bagvssskdn
MD5

51d6819e3fb246c54b31fe8aff8627c0
SHA1

d0b0790c2ec591684ae72588d0aa8d68642a1e4a
SHA256

34bd1f86f1c5c37a2200160019e828a16b1d2efa333099814a6c51c075bfd349
SHA512

c1db0d56c936a079b80cabfbbaec3fc042dea6b765283cb1481193dc05dc55ca313b71d1847935c741672d7bb63e9acef2bbbead4b5b9c5c389c6191ae71f080
SSDEEP

12288:PLMEalqxXblqoRX5qbfphLxaOS3CPqv0Ra6CgLc4rvGSlEkK3dHsZix:DqaXNabfphLxaVSPqvca6COBlaldx

Score

10^/10

discordrat persistence rat rootkit stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

vison.exe

Resource

win10ltsc2021-20241023-en

discordrat persistence rat rootkit stealer

windows10-ltsc 2021-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMwNTIyNjM4MTE3MjY3MDQ5NA.GefVhh.4NM9q0Xf2sO6mHqumTUxU-PopzLhDvRYkm6O3A
server_id
1290828168563003412

Targets

- Target
  
  vison.exe
- Size
  
  708KB
- MD5
  
  51d6819e3fb246c54b31fe8aff8627c0
- SHA1
  
  d0b0790c2ec591684ae72588d0aa8d68642a1e4a
- SHA256
  
  34bd1f86f1c5c37a2200160019e828a16b1d2efa333099814a6c51c075bfd349
- SHA512
  
  c1db0d56c936a079b80cabfbbaec3fc042dea6b765283cb1481193dc05dc55ca313b71d1847935c741672d7bb63e9acef2bbbead4b5b9c5c389c6191ae71f080
- SSDEEP
  
  12288:PLMEalqxXblqoRX5qbfphLxaOS3CPqv0Ra6CgLc4rvGSlEkK3dHsZix:DqaXNabfphLxaVSPqvca6COBlaldx
Score

10^/10

discordrat persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Discordrat family
  discordrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discordratpersistenceratrootkitstealer

© 2018-2024

Terms | Privacy