discordrat | 6e26cd89db50b9edaa16d472dd81b869a014ef5b48f9beddf2b7cd682649f402 | Triage

Submit
Reports

Overview

overview

Static

static

3

Bootstrapper.23.exe

windows10-ltsc 2021-x64

Sharing

General

Target

Bootstrapper.23.exe
Size

693KB
Sample

241213-pjptnazmfm
MD5

4fb8fe2bbbfa6fe0a143e1324dc4a5e8
SHA1

c70606a2ab08e430423314e6b3e8700e61c2cc27
SHA256

6e26cd89db50b9edaa16d472dd81b869a014ef5b48f9beddf2b7cd682649f402
SHA512

b70122c16c1a0d0e1e0ccdc2bae4c742c2038dc0b6e1f610543f303b0e24f8fafa7f7b09ce232888bb38be7d8498abef69f623f980e9c40e509e5cd48fe2a5a1
SSDEEP

12288:xyveQB/fTHIGaPkKEYzURNAwbAgB2X+t47pczJr+eNWsdHAYBPA6/S4XnL+0N:xuDXTIGaPhEYzUzA0/07pSr+eNg0FP9N

Score

10^/10

discordrat discovery persistence rat rootkit stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Bootstrapper.23.exe

Resource

win10ltsc2021-20241211-en

discordrat discovery persistence rat rootkit stealer

windows10-ltsc 2021-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMxMzEyNzU0NTc5MjYyNjcwOA.Gkk18Z.4N0_jmiIDKcoLtOmWe4t37gYWyEtG0NPmEV7c4
server_id
1287346091842342942

Targets

- Target
  
  Bootstrapper.23.exe
- Size
  
  693KB
- MD5
  
  4fb8fe2bbbfa6fe0a143e1324dc4a5e8
- SHA1
  
  c70606a2ab08e430423314e6b3e8700e61c2cc27
- SHA256
  
  6e26cd89db50b9edaa16d472dd81b869a014ef5b48f9beddf2b7cd682649f402
- SHA512
  
  b70122c16c1a0d0e1e0ccdc2bae4c742c2038dc0b6e1f610543f303b0e24f8fafa7f7b09ce232888bb38be7d8498abef69f623f980e9c40e509e5cd48fe2a5a1
- SSDEEP
  
  12288:xyveQB/fTHIGaPkKEYzURNAwbAgB2X+t47pczJr+eNWsdHAYBPA6/S4XnL+0N:xuDXTIGaPhEYzUzA0/07pSr+eNg0FP9N
Score

10^/10

discordrat discovery persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Discordrat family
  discordrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discordratdiscoverypersistenceratrootkitstealer

© 2018-2024

Terms | Privacy