discordrat | b427f4cc1ac1f00e3ad33e24676646560cf04aee44eeaefa2a9758a08a6f78a5 | Triage

Sharing

General

Target

b427f4cc1ac1f00e3ad33e24676646560cf04aee44eeaefa2a9758a08a6f78a5
Size

795KB
Sample

241128-a9172strbk
MD5

0f3d85879ca1dea6acd30e1222c53993
SHA1

0f16b8bb81f744d78002f11928c63cb1611bec57
SHA256

b427f4cc1ac1f00e3ad33e24676646560cf04aee44eeaefa2a9758a08a6f78a5
SHA512

ab73849179d520bb8719bcb772632f2310832f92a97aae99c8fe04acb721bcc3e4d0f0a16b90316a765d8883b42f26b72f4de1c945679035db5c2d34719da9a5
SSDEEP

24576:FGHCm8uPdJy+x3eWhJ7kUewGIeAfjFb5pI:suWjeW2UPGPAHW

Score

10^/10

discordrat defense_evasion discovery persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMxMTQ0NDk4MTAxMzAyMDc3Mg.Gz_2To.ddyZMlskW5IkWxvZKQxtRRzfz4cgw2XjE4yAu0
server_id
1311378795281776650

Targets

- Target
  
  b427f4cc1ac1f00e3ad33e24676646560cf04aee44eeaefa2a9758a08a6f78a5
- Size
  
  795KB
- MD5
  
  0f3d85879ca1dea6acd30e1222c53993
- SHA1
  
  0f16b8bb81f744d78002f11928c63cb1611bec57
- SHA256
  
  b427f4cc1ac1f00e3ad33e24676646560cf04aee44eeaefa2a9758a08a6f78a5
- SHA512
  
  ab73849179d520bb8719bcb772632f2310832f92a97aae99c8fe04acb721bcc3e4d0f0a16b90316a765d8883b42f26b72f4de1c945679035db5c2d34719da9a5
- SSDEEP
  
  24576:FGHCm8uPdJy+x3eWhJ7kUewGIeAfjFb5pI:suWjeW2UPGPAHW
Score

10^/10

discordrat defense_evasion discovery persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Discordrat family
  discordrat
- Manipulates Digital Signatures
  Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Deobfuscate/Decode Files or Information
  Payload decoded via CertUtil.
  defense_evasion
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Deobfuscate/Decode Files or Information

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discordratdefense_evasiondiscoverypersistenceratrootkitstealer

behavioral2

discordratdefense_evasiondiscoverypersistenceratrootkitstealer