discordrat | 33e31fc2206536e98b2c63fe07cf9e862d355f339f39da22ce63e2b114a2971f | Triage

Sharing

General

Target

33e31fc2206536e98b2c63fe07cf9e862d355f339f39da22ce63e2b114a2971f
Size

883KB
Sample

241128-a92htaxrhz
MD5

cfb50900d157c73a0c99bf8ae447d957
SHA1

8e41ff604483cf2e9076a0efd761024ac3f66831
SHA256

33e31fc2206536e98b2c63fe07cf9e862d355f339f39da22ce63e2b114a2971f
SHA512

ccbd36c7074712f2e7529d7e9ce0aaa4b496c6284fc5a1c35cda15c799d9db2b8064fbe7db1aae234db18687a0e9b1b08bdfc93555a5fdab4c814e7533e65143
SSDEEP

24576:FGHCm8uPdJy+x3eo7kUewGIeAfjFb5p/+d:suWjetUPGPAH0

Score

10^/10

discordrat discovery persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMxMTQ0NDk4MTAxMzAyMDc3Mg.Gz_2To.ddyZMlskW5IkWxvZKQxtRRzfz4cgw2XjE4yAu0
server_id
1311378795281776650

Targets

- Target
  
  33e31fc2206536e98b2c63fe07cf9e862d355f339f39da22ce63e2b114a2971f
- Size
  
  883KB
- MD5
  
  cfb50900d157c73a0c99bf8ae447d957
- SHA1
  
  8e41ff604483cf2e9076a0efd761024ac3f66831
- SHA256
  
  33e31fc2206536e98b2c63fe07cf9e862d355f339f39da22ce63e2b114a2971f
- SHA512
  
  ccbd36c7074712f2e7529d7e9ce0aaa4b496c6284fc5a1c35cda15c799d9db2b8064fbe7db1aae234db18687a0e9b1b08bdfc93555a5fdab4c814e7533e65143
- SSDEEP
  
  24576:FGHCm8uPdJy+x3eo7kUewGIeAfjFb5p/+d:suWjetUPGPAH0
Score

10^/10

discordrat discovery persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Discordrat family
  discordrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discordratdiscoverypersistenceratrootkitstealer

behavioral2

discordratdiscoverypersistenceratrootkitstealer