discordrat | 13cc2f2806d65c35f10a500e8e109c48c1b4ab12642ebdd5c0b3ae85c28fed53

General

Target

SigmaBase.rar
Size

5.1MB
Sample

241207-yn1lds1jcz
MD5

d0c067fb8571dc6b3fb712b587a9f815
SHA1

4e8b3dc0eecf3742d6ab2b7bbbd1bb62fb969e1d
SHA256

13cc2f2806d65c35f10a500e8e109c48c1b4ab12642ebdd5c0b3ae85c28fed53
SHA512

71228c7cab4c8e143d4f570aa237fb8a17b130044c1bf1100f0f4fdb0aee52ab41064a8a913e45fc1a56d608d0ff89c1da3680508d49b789f50ace07c109189a
SSDEEP

98304:yW0Jih/Oj2tvKBV3TGU28aPlqdFsmGhEdntT+w+rSK/5anNREjNYEN8:yW//Xe3xOPlqdXXdtT+rTwEpYl

Score

10^/10

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMxMzk0OTc0NTY1NTQ0NzY0Mw.GvqYM1.8ZwhOILcM3Ijsfbzqc8F-Cy7wfV5wKSv-BMD0I
server_id
1313949691574226985

Targets

- Target
  
  FortniteExternalBase/util/loadup.hpp
- Size
  
  7KB
- MD5
  
  a0f66b0a76db9a2faedfc8aa94601a25
- SHA1
  
  5a8838b0757be592c61a2e2860336eea7e79ff56
- SHA256
  
  6db0aea5b2d57418c257610ea5ceaa80e7744fafaf0319cba3bc79bb3100a3cb
- SHA512
  
  9e4fa89c72a54e6522597b8262792355165c098446a25f9d257d2a5be901536478eeb2370415e21f4cff272f8e8cc58b138f9403c92c7df1bb86cf38643ab95d
- SSDEEP
  
  96:XRKQHhzoxEM8z/9vGna6E66Mm3BXx6538x6p3Rx6j34f6Tn+gIXU1L3lwwen+I76:oQHlUEXYyxMscBkYw1LbEgIUGzA
Score

3^/10

execution
behavioral1 behavioral2
- Target
  
  FortniteExternalBase/vdm/libary.hpp.exe
- Size
  
  78KB
- MD5
  
  b59a3035631d7d9740f6bbeee9f9af7a
- SHA1
  
  63dd307c35e27216f00a5f915fc06c74b3124dd6
- SHA256
  
  98ac7772969edb1cec6110cf07ecbd151f008d62373b6fe8b9099a0ad68bf2eb
- SHA512
  
  8ac564658284976f614863b8a17faec37cdf014a9188bccdbe3e2e1ad806b7941c107269febad650c41bcfb31e75a8d324ebde7be449858f87841324aa050916
- SSDEEP
  
  1536:lIWOBaZ84c6gEz5De2FzNDnghTAsKFbOZGdndxRKDIZ8o1l8ApbDNr1+uexCxoKG:lIWOBaZ84c6gEz5De2FzNDnghTdWd7Kv
Score

10^/10

discordrat persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Discordrat family
  discordrat
- Legitimate hosting services abused for malware hosting/C2
behavioral3 behavioral4
- Target
  
  x64/Release/quantum.dev.exe
- Size
  
  645KB
- MD5
  
  a9eb5298409209033cf707c0dfbaa60f
- SHA1
  
  bf5c0162018ea54fa188e9ac3f678589db4c18f3
- SHA256
  
  ac09ad360e3876c15982161015c319c31251f087324d6bd77921ba359d4e3d7b
- SHA512
  
  b53d9072411dbfa92cb1a87bcf943ea7e00271d353f5d0d0ebf2088dedc6895ed02fe8c6ba19ca1ba60c139d5ca1ff36a6bc98d1f4ff8e11859b32ce3daff3ec
- SSDEEP
  
  12288:hoJOLUTJcMfM2kO9ssSxJY+IQREyIoXQsXIyHoF9iS3nF1sUZx1sUCN:hoJOLUTJcMfM2kO9ssIG+GKYMoFx3nFw
Score

8^/10

persistence
- Sets service image path in registry
  persistence
behavioral5 behavioral6