discordrat | 4b3249c78c50f2f2cdb9befa5a8a0c6f1060f617d4baa0602e8bff3bb91c8cc8 | Triage

Sharing

General

Target

HardAC.zip
Size

81KB
Sample

241123-pxjjssvlgy
MD5

db6360e86bbf2d6ca18464eace469858
SHA1

385e5ca80847a44be6a2a6d6eecf64d083adda09
SHA256

4b3249c78c50f2f2cdb9befa5a8a0c6f1060f617d4baa0602e8bff3bb91c8cc8
SHA512

42ded51feaa85a8bfc280a21d5b431e5b81feb995ea25beb8f7f27ee9e877308ee1a95dbd005f0a5f2604e5091eff1d680aceed8a9feefc49643363859e003ee
SSDEEP

1536:049d1sGPIHQAPNJo4MKp4QLxgrZC7xgPO7T+EtkuaUbbNcGtOsZ4S0ux7qMf4H+e:0efbhWgBKew44xgItkuaUNc1sZvp7L4t

Score

10^/10

discordrat discovery persistence ransomware rat rootkit spyware stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMwOTYxMDc0MTgzNzU5NDcwNQ.GjVcMg.PxEOfc7OAMHHzxt0OgOgfExaZIarA9jXdHoqTI
server_id
1309598138776162314

Targets

- Target
  
  net6.0/HardAntiCheat.exe
- Size
  
  147KB
- MD5
  
  26cbc4c30f31bf1f3038edab23ebb203
- SHA1
  
  def825211a357f4a195c45e469edc7d52a713b09
- SHA256
  
  d47c9ed0a5f0ddce20c786251eedfe119e929f6c9d9aaf835fc3f472b8e4a724
- SHA512
  
  7c960d654473c66efe0e66f73a6ff9177eccdbeb6baeda6b56cc34b4630db4bf5f90ac3c08f875ddda646e64d4822e8eadaf487ea2dc497d1fffb075532805a6
- SSDEEP
  
  3072:K5vnr5Tbx829UOeKnn2LFzZBp13u36wKp4FULCzo1:KBKjK2LFzZNf+UL2
Score

10^/10

discordrat discovery persistence ransomware rat rootkit spyware stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Discordrat family
  discordrat
- Downloads MZ/PE file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Sets desktop wallpaper using registry
  ransomware
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

discordratdiscoverypersistenceransomwareratrootkitspywarestealer