discordrat | b5721d616aa2e9770be2e87a56f670f1c2db6bc7e44c2b2bad731fbd4cb196f5 | Triage

Sharing

General

Target

mHzqh5O.zip
Size

2.8MB
Sample

241201-epln3swng1
MD5

2eb8b94625711bd6dcd16ae827578e76
SHA1

28abbf3a8e54ba0a183398e344800ac4b54948d2
SHA256

b5721d616aa2e9770be2e87a56f670f1c2db6bc7e44c2b2bad731fbd4cb196f5
SHA512

74f2573a4cdba1f9094ad8174f09d2ec91d80c54a261e1193961d24ce858d800103544018f8587b8cf34295cfe4199207b36eb87677eadde0a5b25dac293a8a9
SSDEEP

49152:01Bt3Ii6i+chPwb56vkIwKIFdZyn+4pWpm380tZQuykvBQtLyaErxtNfRTiTI98e:01Bi5yP86sIwKAC3tZQ3kvBQtLXSzNf5

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMxMjYwNjY0NDYwOTM1NTg2Nw.GmiBbD.BxOkmi6_jSm3KiEBfaoI7z9GP_TE4zxloC3fjo
server_id
1312606556201681018

Targets

- Target
  
  Project Ligma.exe
- Size
  
  25KB
- MD5
  
  4b905d058730d8f822acb3c5403025b3
- SHA1
  
  8d42b34ac05c33a2785ce4294a23cff4c3b1c735
- SHA256
  
  56e006657d3057aa8853ae37f16bd07dd9467344190fabf6f809ae1c6bde56a0
- SHA512
  
  4d31828f8684d6492a501bf8205994db394de77ea0516720aa703a5968095e358b226b23060ae0243771867df01c71800697fdb610bf8c6620657757c54646aa
- SSDEEP
  
  384:BDzUkIdjc9kyecBWZNgTEp3trMrsNleNf88uuagE9WRPagdF9dofRmVukvwKwq6V:BVeiSv9Nlsf88uycYLd3dAcjq
Score

10^/10

discordrat persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Discordrat family
  discordrat
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2
- Target
  
  bin/Xeno.dll
- Size
  
  961KB
- MD5
  
  b7a51ddc46e35cc4353e019c5c8d66dd
- SHA1
  
  9b9b3ae0d3cf7193dc991a243ba433fbc3da84f6
- SHA256
  
  33e10a804ce9d92fb11094fb92ecbf5978135fe0339a7108123e987562b9b909
- SHA512
  
  f940b009c76d5f6168155352f1de651470e319a2b0fe4e78ba4e4750eb766c7cb70f8d83e15810361e9bc0110459304b880764ccd48f6e2ab31d4caa9e823ca1
- SSDEEP
  
  12288:KUJu0NDNwqJ3Uij6zLdZNzLn/IUtsFfFrILE5pT8T145zvQ4KkTLm01M:XpwAkij6NZZMUtsxFrGE/TvU4KkTL
Score

1^/10
behavioral3 behavioral4
- Target
  
  bin/libcrypto-3-x64.dll
- Size
  
  4.5MB
- MD5
  
  be0f6d1d60e149cedaca33a04963e05f
- SHA1
  
  b686e1ed9ae47b8ae803a5d9e912b0e631bc4217
- SHA256
  
  81a5fe6cd0ef5b083e5c4bdb6a40a30bfb1b0de15a9dfad459de2d6a36d94f86
- SHA512
  
  7b39dd8c70286ec4fe61cb2c3c12062f2dcbdda607c2f14c4f983741026f6aa62b60f9e983204949395cc54b5ebf6426c0f8300e0e385c35c1f2f3847160d7ff
- SSDEEP
  
  98304:5l+f+Kv6t8y37re39P6k1CPwDvt3uFGCC:/Cyt8yLre39yk1CPwDvt3uFGCC
Score

1^/10
behavioral5 behavioral6
- Target
  
  bin/libssl-3-x64.dll
- Size
  
  802KB
- MD5
  
  733e3b58ee1760a442fec4712848c3ad
- SHA1
  
  529206caad19cce2424323bc29a9fb9a4bbd3e76
- SHA256
  
  159198cb8e740f9ad5918b51503121fd1b7e70460f6a4f6a6aa27576bbfa31c7
- SHA512
  
  10835ff09e35d8acb2739707219905b3ae2870af973d8f80040baeb732eb798fa93ef1bc599ad9898aff8e20ee21aa1f5e5e07340eda205aa938fc001cd83a88
- SSDEEP
  
  12288:uDYDcpeu9jFBOBJfbudc68KqLie1+jKMwmUxlcdEVB3ks:usM9jFr8OeW5wmNdEVB3k
Score

1^/10
behavioral7 behavioral8
- Target
  
  bin/xxhash.dll
- Size
  
  46KB
- MD5
  
  70c514826d9428f184d27f0c8f397404
- SHA1
  
  e6b0b1a396de9913004d9bcaa230972686416bb6
- SHA256
  
  aff59e91d222b75b3e3ac789baba9e24eff99796261ae5e887ef9e3c28bb3d64
- SHA512
  
  168c63cbb54865ca42a884fd974291bcadd9dd8cf8bc1980148214e84498af42a590cb3d3a394765ee0b7d2e337fab6e85ff4f85d9ced97b92b540152202a0a6
- SSDEEP
  
  768:tziPp7yW4k3QDn24NuDUSu0MKQVMNKuxYAuogba4Mk3Q18swN1WQ8hi6U:tziR74kgDn2rDRuIrN5mAvgbTg18DN1z
Score

1^/10
behavioral10 behavioral9
- Target
  
  bin/zstd.dll
- Size
  
  638KB
- MD5
  
  5b96fb0d4e6453680da278f5b7e51a29
- SHA1
  
  3c96a29248fa3644de2c653a5d97c1e21b13a769
- SHA256
  
  1374391dafd6262795243a58f9fb234be859d940683fe756c64692ca807f0478
- SHA512
  
  27d06b7182aa48a81cce18f8f7b1bee054f3a862ccebd77d273a67c6a15e5d0ef5ba8fd7430976f445eb8bff51d290f2bb50061ac7ef448255ba8a18b8baf193
- SSDEEP
  
  6144:fbauYl+rrR8uT4uB5uWYfO16oMynnjDHMkYHbpk5tRCEybNFZemMBLx4uQ16aSG:fbauYGT5BYMxjDHMk0petRCEyb9emHO
Score

1^/10
behavioral11 behavioral12
- Target
  
  cxapis.dll
- Size
  
  12KB
- MD5
  
  d60ed50bd25555f3004d33b0655afc9c
- SHA1
  
  7ea3bb536ebdf7a534c4a026c58612d69d712a59
- SHA256
  
  4bc61c1b668faa12b27e107fd3c4fbe83b2b2a8f0285d8d5c6436a62bbcb081a
- SHA512
  
  888fae7c71e3e6d574c53331a6485649bb2da0b0c2c565822c696bc9f38ddd4c813f1cd808452e7a3c2cd01ee54586c631fe7fcd17324f9e67384a68d4c06a20
- SSDEEP
  
  192:shyp9xF/8zoQwCDLOzI1xCqVUhdK19/g2xKQ5KjvPgFM5R7Jra8VVUw:shyE1LAI18Wa2xKQUTuMtVH
Score

1^/10
behavioral13 behavioral14

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discordratpersistenceratrootkitstealer

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14