discordrat | dcb31b4f27169702996ef9789d758288bb010c26501f6629455bd95dd53d9039 | Triage

Submit
Reports

Overview

overview

Static

static

release.zip

windows10-ltsc 2021-x64

Sharing

General

Target

release.zip
Size

445KB
Sample

241130-zahzvsylcn
MD5

8dde06db117cfef8cb8dd92bcad80973
SHA1

505f0d3909f8eeabd65849cd1467b539f78e0397
SHA256

dcb31b4f27169702996ef9789d758288bb010c26501f6629455bd95dd53d9039
SHA512

826bf89d827bff48a28b9669f7d46c4ab0a06fcc3851aeab1ea07d0d65cff985071a820fdc0707048239a4760358071a3eea059c277bc0cf52d1a86ac4adc353
SSDEEP

12288:BfJ13+GoLo2d5ifXHE8134QwYOwFSFRiLQq:BKGo8EifSQwYWq

Score

10^/10

discordrat discovery persistence phishing rat rootkit stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

release.zip

Resource

win10ltsc2021-20241023-en

discordrat discovery persistence phishing rat rootkit stealer

windows10-ltsc 2021-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  release.zip
- Size
  
  445KB
- MD5
  
  8dde06db117cfef8cb8dd92bcad80973
- SHA1
  
  505f0d3909f8eeabd65849cd1467b539f78e0397
- SHA256
  
  dcb31b4f27169702996ef9789d758288bb010c26501f6629455bd95dd53d9039
- SHA512
  
  826bf89d827bff48a28b9669f7d46c4ab0a06fcc3851aeab1ea07d0d65cff985071a820fdc0707048239a4760358071a3eea059c277bc0cf52d1a86ac4adc353
- SSDEEP
  
  12288:BfJ13+GoLo2d5ifXHE8134QwYOwFSFRiLQq:BKGo8EifSQwYWq
Score

10^/10

discordrat discovery persistence phishing rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Discordrat family
  discordrat
- A potential corporate email address has been identified in the URL: currency-file@1
  phishing
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discordratdiscoverypersistencephishingratrootkitstealer

© 2018-2024

Terms | Privacy