discordrat | 8b39fe4e78563049c54a78194c59cdbce36d7e3a3863d6f6f6b0635187a6425c | Triage

Submit
Reports

Overview

overview

Static

static

Moon/Boots...on.exe

windows10-ltsc 2021-x64

Sharing

General

Target

Moon.zip
Size

10.6MB
Sample

241218-t2l8psvmft
MD5

4f9d902ee726dc8ec95869fdac0a531f
SHA1

b72056fe58dd225e459d840fcf6503c75aca5c2b
SHA256

8b39fe4e78563049c54a78194c59cdbce36d7e3a3863d6f6f6b0635187a6425c
SHA512

b8e8b476f545ab16ece677fcb6ef7c60280452c33b8058783858b6be926fd29fe9f896b84e47b19ddbe02305b191ebbf12fb80f073a09039eb4606743c7689f1
SSDEEP

196608:cFNTLHiiHO3u6iiiz6HF8sgMkHCgATOYKmKkaWFuFeHlCB219ew0lNbxFdGaPZTx:ydHgeiiz6ysgVHCg/YKmtUFoz9uRRTeG

Score

10^/10

discordrat persistence rat rootkit stealer vmprotect

Static task

static1

vmprotect discordrat

3 signatures

Behavioral task

behavioral1

Sample

Moon/BootstraperRunmethenopenMoon.exe

Resource

win10ltsc2021-20241211-en

discordrat persistence rat rootkit stealer

windows10-ltsc 2021-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI3MTEzMDc4MjAyMjM2OTMyNg.G5Ye-Q.rxyAh9UbKZ_ydFZicHmnl-aUZSkNccSaQl8Lv4
server_id
1265719817512685662

Targets

- Target
  
  Moon/BootstraperRunmethenopenMoon.exe
- Size
  
  78KB
- MD5
  
  6849bba49988a6ec013e5f53b9cac85f
- SHA1
  
  4ed24456e470646a34854feb0f2b993211a8bc11
- SHA256
  
  d98a06bcad1ad76201650ec2e0a8dfe4e77e3f68f7b23687f9c62e571c440a80
- SHA512
  
  e2f129009a04e35f78afa2f5c23b336c7170dc2c5e0b79dd21e61a6e709a1293f518906a8177879b78935fef75ad597ac43a8dd7a5a7f44ce7526c5964e12468
- SSDEEP
  
  1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+jPIC:5Zv5PDwbjNrmAE+7IC
Score

10^/10

discordrat persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Discordrat family
  discordrat
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

vmprotectdiscordrat

behavioral1

discordratpersistenceratrootkitstealer

© 2018-2024

Terms | Privacy