discordrat | 68a982b3a4546c50b7cbf49ae97e9ad5b34340331131e342ebf8663ad7ca94f5 | Triage

Sharing

General

Target

MALWARE DONT RUN.exe
Size

78KB
Sample

241217-tvj5rsspgw
MD5

67ecf78171011aafa55ad542aeb446f4
SHA1

f63949d3ea62224cf4dfbbad9c7366ce5662ad77
SHA256

68a982b3a4546c50b7cbf49ae97e9ad5b34340331131e342ebf8663ad7ca94f5
SHA512

aa4e5e31a99af901e06b7f253e05b598691ad9e867c3c34a4c2ea0f936cdc4964f6982ff4aa27c546666f5345e4ee2ae521ef0e2483c4371ee28ad481632fcb4
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+FPIC:5Zv5PDwbjNrmAE+VIC

Score

10^/10

discordrat persistence rat rootkit spyware stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMxODMxNzY5MjIwNTI2OTA0Mw.GJ6Gzb.6ahR4c80H2mceTshl9pACIQdGhJ4AEZIOye_x0
server_id
1317445742540882003

Targets

- Target
  
  MALWARE DONT RUN.exe
- Size
  
  78KB
- MD5
  
  67ecf78171011aafa55ad542aeb446f4
- SHA1
  
  f63949d3ea62224cf4dfbbad9c7366ce5662ad77
- SHA256
  
  68a982b3a4546c50b7cbf49ae97e9ad5b34340331131e342ebf8663ad7ca94f5
- SHA512
  
  aa4e5e31a99af901e06b7f253e05b598691ad9e867c3c34a4c2ea0f936cdc4964f6982ff4aa27c546666f5345e4ee2ae521ef0e2483c4371ee28ad481632fcb4
- SSDEEP
  
  1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+FPIC:5Zv5PDwbjNrmAE+VIC
Score

10^/10

discordrat persistence rat rootkit stealer spyware
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Discordrat family
  discordrat
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discordratpersistenceratrootkitstealer

behavioral2

discordratpersistenceratrootkitspywarestealer