discordrat | 2f294b7dd8df80c19dcf8e338049f55787492e70e39eca8f8dc731b3c6addc83 | Triage

Resubmissions

04-12-2024 11:26

241204-nj75katpgs 10

04-12-2024 11:05

241204-m67lwaynak 10

Sharing

General

Target

skibidi.rar
Size

620KB
Sample

241204-nj75katpgs
MD5

9203bac98be22e157ce7c86d37612fe1
SHA1

59974211755bd19ec22531e6816bc882913c0bf8
SHA256

2f294b7dd8df80c19dcf8e338049f55787492e70e39eca8f8dc731b3c6addc83
SHA512

b7d71a46bc5e6057bb4a47b0e99cb6e3f4a6b778a3302730da2a7a546e8f291afe53691eccfb0ec8c985273c6f80731dba569937cf339bdb8d84a17921fc182f
SSDEEP

12288:d1dQsEq5nHYEv2OcwMbW6q7APXvVptxsbD2YS/zB86mv9F5ar4vF:d8sHOEvxmW6tvdubKPBXqHvF

Score

10^/10

discordrat discovery persistence rat rootkit spyware stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMxMzYwMzQzNTY5MzYwOTEwMg.G0k280.tlujv7Qu1u6uHZMDdDCuyzSTaLQITkGmfU0u3s
server_id
1312325986385264681

Targets

- Target
  
  badassfuckingtien.exe
- Size
  
  840KB
- MD5
  
  264db47eec711ef618870219832e5dfe
- SHA1
  
  116d2ff601d6640d3fe24fb67492ca2c82d9bbd9
- SHA256
  
  5c8b1d9c70780e1e669b4b34b0e190f6a691b8ada42179e248513feafe5b9ee5
- SHA512
  
  1672cbd9273987fd2d3cb1f843e2e28bb4c107913e0d1562ce6cdd7a403ba40e1bdd05647f3d89b0b00a8dff8328c9fad342f1b771ee391990db6d4855d8ad56
- SSDEEP
  
  24576:9uDXTIGaPhEYzUzA0q5VR0cNnns+UrZtb5jpXw86qh:gDjlabwz9iVR0WnQZ5xpA86qh
Score

10^/10

discordrat discovery persistence rat rootkit stealer spyware
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Discordrat family
  discordrat
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discordratdiscoverypersistenceratrootkitstealer

behavioral2

discordratpersistenceratrootkitspywarestealer