discordrat | 5bce7dbec4e5f84a3548b60cfc92db0cb12ad033a6dc1d6f4606af3aa1b55265 | Triage

Submit
Reports

Overview

overview

Static

static

HWID Checker.exe

windows10-2004-x64

Sharing

General

Target

HWID Checker.exe
Size

78KB
Sample

241210-gwzwds1kbq
MD5

580a5db3ec217979caa1ac20fc504f25
SHA1

bae84ceed3c5962738a326879bf42a0b9d07aa6e
SHA256

5bce7dbec4e5f84a3548b60cfc92db0cb12ad033a6dc1d6f4606af3aa1b55265
SHA512

925f7d68b5275901edc5272eb354b54cda9ce6aea56d72dba65a78b5b9eddfeebb8329434a219eb00b2c1ac885f58975a064c6af04a84b1c28fb59ec448cc219
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+VPIC:5Zv5PDwbjNrmAE+FIC

Score

10^/10

discordrat defense_evasion discovery persistence rat rootkit spyware stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

HWID Checker.exe

Resource

win10v2004-20241007-en

discordrat defense_evasion discovery persistence rat rootkit spyware stealer

windows10-2004-x64

28 signatures

150 seconds

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMxNTgyOTU4NTc4NjQzNzY0NA.GYfgs3.ld1fBGDCSajdNinuOIM7RFm1X5IhX4xNi-p49c
server_id
1315830690436349982

Targets

- Target
  
  HWID Checker.exe
- Size
  
  78KB
- MD5
  
  580a5db3ec217979caa1ac20fc504f25
- SHA1
  
  bae84ceed3c5962738a326879bf42a0b9d07aa6e
- SHA256
  
  5bce7dbec4e5f84a3548b60cfc92db0cb12ad033a6dc1d6f4606af3aa1b55265
- SHA512
  
  925f7d68b5275901edc5272eb354b54cda9ce6aea56d72dba65a78b5b9eddfeebb8329434a219eb00b2c1ac885f58975a064c6af04a84b1c28fb59ec448cc219
- SSDEEP
  
  1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+VPIC:5Zv5PDwbjNrmAE+FIC
Score

10^/10

discordrat defense_evasion discovery persistence rat rootkit spyware stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Discordrat family
  discordrat
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Downloads MZ/PE file
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Indicator Removal: Clear Windows Event Logs
  Clear Windows Event Logs to hide the activity of an intrusion.
  defense_evasion
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Indicator Removal

Clear Windows Event Logs

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discordratdefense_evasiondiscoverypersistenceratrootkitspywarestealer

© 2018-2024

Terms | Privacy