discordrat | 27475195aa8a2be0e78555401a6e2cc37829ac96c81587cbd0a7d962c62d8a50 | Triage

Resubmissions

25-11-2024 02:45

241125-c86ggstrbs 10

Sharing

General

Target

Rc7.rar
Size

15.9MB
Sample

241125-c86ggstrbs
MD5

8e0943663c0cf68f434518ffda48dc16
SHA1

aa6037af08821f95d6c579b87765c53dc9e54890
SHA256

27475195aa8a2be0e78555401a6e2cc37829ac96c81587cbd0a7d962c62d8a50
SHA512

d81208ead32ebe19b6799f1c64b7cedb9efacc13371e3d5b591fdbfbf785b4a1aa1398c617573e998bb77ee0a4acf7a27e7a7e6936f40aceb46fe2c714dbb872
SSDEEP

393216:KLh5PO8Vh5kvYvJfQWeRhwGfwrZ47AGdrVa/Fk:WbmwbFvJqwGfwru77eFk

Score

10^/10

discordrat discovery persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI4NjE0MzA5OTUzNzQ1NzIxNQ.GWPghN.pOcVC1-GttT7g7mX5LCtvswPNzetFbPhF0yZ7Y
server_id
1191567918606073917

Targets

- Target
  
  Bunifu_UI_v1.5.3.dll
- Size
  
  236KB
- MD5
  
  2ecb51ab00c5f340380ecf849291dbcf
- SHA1
  
  1a4dffbce2a4ce65495ed79eab42a4da3b660931
- SHA256
  
  f1b3e0f2750a9103e46a6a4a34f1cf9d17779725f98042cc2475ec66484801cf
- SHA512
  
  e241a48eafcaf99187035f0870d24d74ae97fe84aaadd2591cceea9f64b8223d77cfb17a038a58eadd3b822c5201a6f7494f26eea6f77d95f77f6c668d088e6b
- SSDEEP
  
  6144:SIQpxILDXGGMO7Ice9C5kQw2hWHcHTykhb:SIQpxILDXGGlET9n/cHG
Score

1^/10
behavioral1 behavioral2
- Target
  
  Fluxteam_net_API.dll
- Size
  
  6.2MB
- MD5
  
  2295c5b937ea6facd25a4aed6546cd69
- SHA1
  
  d9891e3086820f4caa10d3e8e0e754672da5f505
- SHA256
  
  a0c6057548ec5f2294f16ab6cdec2bd101d23970bf7e96ee271093c1946f26ea
- SHA512
  
  5f2f51bb012c73d0f197bab866c92e38157ef2ed40041ed9f3f70bd6a5a13964156cbeabbea9902622b1f4a5369ba7c14cfb15c95c280cf8e6dd129fef75eddf
- SSDEEP
  
  196608:in1xmGmh3ySCjpRFW7bpvCwZqkaGXUc8zjPb:iIxyZpjW/pvLCPP
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  Module.dll
- Size
  
  5.7MB
- MD5
  
  d16eadd68cb9a089cae43f140f52320f
- SHA1
  
  9b23db67feaa34ce5f7e99416b9199cb7a12deb1
- SHA256
  
  00afd9476611d6e2dc4bbacfc3785cde7716b171493ab4f4495a2a0f7f22ed4c
- SHA512
  
  e221276298b8b0f101ef3891fb78573113adacc9d65e0947ca9f1ff17fe9ef376d78b7c4dd1b5bcf92f277421c8bca86675dff1b1594f5ae717dc5d33964dfc6
- SSDEEP
  
  98304:4VbgLIr1y4wMF5MeuIXzh/lgQ/6S5Voie:4C8/uVG/X
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  Rc7.exe
- Size
  
  78KB
- MD5
  
  913165fa890fddf2d9dbe661afaff5de
- SHA1
  
  f4f344767687119dea141b6aad109aea01a9376e
- SHA256
  
  34ad0586c0619f8bec4455099637ea7e63579851a9d89d67ce200c89c951f129
- SHA512
  
  95365c08340c5df3413597da492158afbe9b9f46093b1dddff6848af3cdcd76daa28b7b0607c4691f69bf1d20c4f474790f64e409b38ddaece26f8b4a944147b
- SSDEEP
  
  1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+PPIC:5Zv5PDwbjNrmAE+3IC
Score

10^/10

discordrat persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Discordrat family
  discordrat
- Legitimate hosting services abused for malware hosting/C2
behavioral7 behavioral8
- Target
  
  gamesense_api.dll
- Size
  
  302KB
- MD5
  
  b775750b4e8cef6ba90a4468e45a42af
- SHA1
  
  d0caa39b8812878d6953ade3b7eaed582ef128a7
- SHA256
  
  d86851b58ff4503ce803230934266efc3039201ab35d1f795d44a68b5109d11c
- SHA512
  
  f6dec7414fe552f37be8f3374f7e3b2ed49ca56e81beaafb6412d36cdec11ce3af20d69815613e3a0193ffebb8c2813d0da03b952128d2a3b9e70f9cae5e800f
- SSDEEP
  
  6144:hxxiw0qvLJXnlUGujCtjno6itQl+REw6FMG/UHQS8PUHIRA8yVYtFm6axHUN:JkqjVnl36ud0zR/6CtQ9PUHIG8DnN
Score

1^/10
behavioral10 behavioral9
- Target
  
  qdRFzx.exe
- Size
  
  13KB
- MD5
  
  570dda71a3e0e9c60465872fc5931c55
- SHA1
  
  e1e8f92739a53f9b7e32fa89969174e386427756
- SHA256
  
  a8e7f1d1fb0a4583e8adabc4c44c1cc164fdc6be00eb494aa94e714654ef3c22
- SHA512
  
  d84a25ad82f7326c826f2b35bbfc348327423cc3178c767234676a395002edf5dfd43febb57b4e1e1842ed757abb4171b920c085e4cdf32f1f3f5d0b4a36c914
- SSDEEP
  
  192:bNYAX3Fk9EGZV3kF+mmY3jjeDqIexhhdq98DSmLAjX30JS0RB1lb7piW3+:bNn1kllkF+mtPeDmxhy98Dvb9iW3
Score

3^/10

discovery
behavioral11 behavioral12

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

discordratpersistenceratrootkitstealer

behavioral8

discordratpersistenceratrootkitstealer

behavioral9

behavioral10

behavioral11

behavioral12