discordrat | 7bdb19204fec2ec0addc3761372caef85894bacf999c6c2fe80c64eef3abd936 | Triage

Sharing

General

Target

Makala Executor.zip
Size

4.2MB
Sample

241216-3dxh7stqfl
MD5

b3344291f83a0d1966f21d86c0b0ed03
SHA1

874b0a39530f346d0b250c60ec35462d7af4a29b
SHA256

7bdb19204fec2ec0addc3761372caef85894bacf999c6c2fe80c64eef3abd936
SHA512

c0823d845a4bf451c89f351d91b1010868a91a20cf6d163e149cd4ac972d375ab1c98aef604870abae497ff5d9ea230942ffaabfa9629686f97bdf039cec0856
SSDEEP

98304:v1Bi5yP86sIwKAC3tZQ3kvBQtdXSzQ1CgMOjmEBTnABTVpFAjOEWH6C1fZHn:e5yx7R3tZQLQJgBBrAtVpF5EW6C1tn

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMxODM1MTU3NDYzNjAzNjEyNg.GOjBDm.fj5GQTX1yf12bG6cA-jFqOCZzVLbT2a7KZ8L7Y
server_id
1031700632450641981

Targets

- Target
  
  Makala Executor/FastColoredTextBox.dll
- Size
  
  323KB
- MD5
  
  8610f4d3cdc6cc50022feddced9fdaeb
- SHA1
  
  4b60b87fd696b02d7fce38325c7adfc9e806f650
- SHA256
  
  ac926c92ccfc3789a5ae571cc4415eb1897d500a79604d8495241c19acdf01b9
- SHA512
  
  693d1af1f89470eab659b4747fe344836affa0af8485b0c0635e2519815e5a498f4618ea08db9dcf421aac1069a04616046207ee05b9ed66c0a1c4a8f0bddd09
- SSDEEP
  
  6144:0R0J4lx4/7BA4xvNdcwCOg04j0y5mwZkdmsqmLDi5eNH+Dl1SIP0:0R0J48lAovNd7CO34D4b4eNO
Score

1^/10
behavioral1 behavioral2
- Target
  
  Makala Executor/Guna.UI2.dll
- Size
  
  2.1MB
- MD5
  
  c19e9e6a4bc1b668d19505a0437e7f7e
- SHA1
  
  73be712aef4baa6e9dabfc237b5c039f62a847fa
- SHA256
  
  9ac8b65e5c13292a8e564187c1e7446adc4230228b669383bd7b07035ab99a82
- SHA512
  
  b6cd0af436459f35a97db2d928120c53d3691533b01e4f0e8b382f2bd81d9a9a2c57e5e2aa6ade9d6a1746d5c4b2ef6c88d3a0cf519424b34445d0d30aab61de
- SSDEEP
  
  49152:6QNztBO2+VN7N3HtnPhx70ZO4+CPXOn5PThDH2TBeHjvjiBckYf+Yh/FJ3:6Ahck2z
Score

1^/10
behavioral3 behavioral4
- Target
  
  Makala Executor/Makala Bootstrapper.exe
- Size
  
  78KB
- MD5
  
  6a7ea29ef2fb6c36471d0e055b81f084
- SHA1
  
  168ba0b3c3f51d89b4b3e5be7c91a813a51387c2
- SHA256
  
  cd562416060b65c4e342e62169e7d6136f7043e5252943b1a7033d9160ee383a
- SHA512
  
  f9ad092b14d16c13ddc1e791147efc2edfbe875865ee523bbb190ee851725ae3c909eabd15f9ad193d5cbedefa46802a886713cc471f0c2308e51fae61e9256e
- SSDEEP
  
  1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+kPIC:5Zv5PDwbjNrmAE+4IC
Score

10^/10

discordrat persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Discordrat family
  discordrat
- Legitimate hosting services abused for malware hosting/C2
behavioral5 behavioral6
- Target
  
  Makala Executor/Siticone.UI.dll
- Size
  
  1.3MB
- MD5
  
  750c58af2e56b6addecffcf152520ab8
- SHA1
  
  14995e7f1d12498606d9d209d78d55fe6fd87802
- SHA256
  
  27c56a28cbde094157206da1bfcd7a395111ab97b8a5ff600b11c2175dcefb26
- SHA512
  
  2179790e23f61b3dfea828457f8609279c70b1e071cddc73b1dbda02caa664e0aae2553fc24a4956f9e89c477d66b1a704bde26fa23bc6db26c19e18db00abb5
- SSDEEP
  
  24576:QVMCtIZJntOFmMlMqPilaiS4Yr6ugPngPfjv9tLF2cH8gb:u8NlaVeuHFb
Score

1^/10
behavioral7 behavioral8
- Target
  
  Makala Executor/bin/Xeno.dll
- Size
  
  966KB
- MD5
  
  ec9869d9931e7b80c907d0a05d03f071
- SHA1
  
  9102ef75bd50fb9d8be8b2f07a977c3d23fc82a0
- SHA256
  
  70ef43c6ede2e80212c363058da59236602c69ff94c8a4baff297d5134e95be2
- SHA512
  
  ee231c55fba5f8da4a104024ca27a69e0b37f73709bf2b7ad8375fecb34cd4c3f0fb8ad2c04ef92a777ea2a48fa6afd0078f55930d95c17b9a7cc14c3ade4906
- SSDEEP
  
  12288:HyFglykm6F+W80X4WOOzLoiNu5c+knlomlT9/xeYP5KT4KkIpSM01n:SN6oN0X+S5u5cvnlTL58T4KkH
Score

1^/10
behavioral10 behavioral9
- Target
  
  Makala Executor/bin/libcrypto-3-x64.dll
- Size
  
  4.5MB
- MD5
  
  be0f6d1d60e149cedaca33a04963e05f
- SHA1
  
  b686e1ed9ae47b8ae803a5d9e912b0e631bc4217
- SHA256
  
  81a5fe6cd0ef5b083e5c4bdb6a40a30bfb1b0de15a9dfad459de2d6a36d94f86
- SHA512
  
  7b39dd8c70286ec4fe61cb2c3c12062f2dcbdda607c2f14c4f983741026f6aa62b60f9e983204949395cc54b5ebf6426c0f8300e0e385c35c1f2f3847160d7ff
- SSDEEP
  
  98304:5l+f+Kv6t8y37re39P6k1CPwDvt3uFGCC:/Cyt8yLre39yk1CPwDvt3uFGCC
Score

1^/10
behavioral11 behavioral12
- Target
  
  Makala Executor/bin/libssl-3-x64.dll
- Size
  
  802KB
- MD5
  
  733e3b58ee1760a442fec4712848c3ad
- SHA1
  
  529206caad19cce2424323bc29a9fb9a4bbd3e76
- SHA256
  
  159198cb8e740f9ad5918b51503121fd1b7e70460f6a4f6a6aa27576bbfa31c7
- SHA512
  
  10835ff09e35d8acb2739707219905b3ae2870af973d8f80040baeb732eb798fa93ef1bc599ad9898aff8e20ee21aa1f5e5e07340eda205aa938fc001cd83a88
- SSDEEP
  
  12288:uDYDcpeu9jFBOBJfbudc68KqLie1+jKMwmUxlcdEVB3ks:usM9jFr8OeW5wmNdEVB3k
Score

1^/10
behavioral13 behavioral14
- Target
  
  Makala Executor/bin/xxhash.dll
- Size
  
  46KB
- MD5
  
  70c514826d9428f184d27f0c8f397404
- SHA1
  
  e6b0b1a396de9913004d9bcaa230972686416bb6
- SHA256
  
  aff59e91d222b75b3e3ac789baba9e24eff99796261ae5e887ef9e3c28bb3d64
- SHA512
  
  168c63cbb54865ca42a884fd974291bcadd9dd8cf8bc1980148214e84498af42a590cb3d3a394765ee0b7d2e337fab6e85ff4f85d9ced97b92b540152202a0a6
- SSDEEP
  
  768:tziPp7yW4k3QDn24NuDUSu0MKQVMNKuxYAuogba4Mk3Q18swN1WQ8hi6U:tziR74kgDn2rDRuIrN5mAvgbTg18DN1z
Score

1^/10
behavioral15 behavioral16
- Target
  
  Makala Executor/bin/zstd.dll
- Size
  
  638KB
- MD5
  
  5b96fb0d4e6453680da278f5b7e51a29
- SHA1
  
  3c96a29248fa3644de2c653a5d97c1e21b13a769
- SHA256
  
  1374391dafd6262795243a58f9fb234be859d940683fe756c64692ca807f0478
- SHA512
  
  27d06b7182aa48a81cce18f8f7b1bee054f3a862ccebd77d273a67c6a15e5d0ef5ba8fd7430976f445eb8bff51d290f2bb50061ac7ef448255ba8a18b8baf193
- SSDEEP
  
  6144:fbauYl+rrR8uT4uB5uWYfO16oMynnjDHMkYHbpk5tRCEybNFZemMBLx4uQ16aSG:fbauYGT5BYMxjDHMk0petRCEyb9emHO
Score

1^/10
behavioral17 behavioral18
- Target
  
  Makala Executor/cxapis.dll
- Size
  
  12KB
- MD5
  
  d60ed50bd25555f3004d33b0655afc9c
- SHA1
  
  7ea3bb536ebdf7a534c4a026c58612d69d712a59
- SHA256
  
  4bc61c1b668faa12b27e107fd3c4fbe83b2b2a8f0285d8d5c6436a62bbcb081a
- SHA512
  
  888fae7c71e3e6d574c53331a6485649bb2da0b0c2c565822c696bc9f38ddd4c813f1cd808452e7a3c2cd01ee54586c631fe7fcd17324f9e67384a68d4c06a20
- SSDEEP
  
  192:shyp9xF/8zoQwCDLOzI1xCqVUhdK19/g2xKQ5KjvPgFM5R7Jra8VVUw:shyE1LAI18Wa2xKQUTuMtVH
Score

1^/10
behavioral19 behavioral20

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

discordratpersistenceratrootkitstealer

behavioral6

discordratpersistenceratrootkitstealer

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20