discordrat | c6d181316a032547611b42cf657440444b94d57509262f2e11b29212c31642f9 | Triage

Sharing

General

Target

KINGDOM.rar
Size

9.6MB
Sample

241218-wehccaxnhj
MD5

f7a9d2d2dbe9285b8fa403c48728916c
SHA1

140ce750fb627b58b10a9ade370cacc09fb9ca43
SHA256

c6d181316a032547611b42cf657440444b94d57509262f2e11b29212c31642f9
SHA512

c6104b37e4f9434e70e6b8eba72f0cde979b36dccd94a1b11c3bb90fb51c6977ed4489af5345fd0ce098bab2cf43fb680b7fa1dbea4a9269750c9cf9d260ca9d
SSDEEP

196608:ZF2ZCKdyq6ZHlVTnPpbkRre7tVyuXp4Vs7lQL+JbRFkC07d+fFfu8/gwagmMuPg/:ZFZKw7VTnPXVypukf7d+fdu8/gwto5vk

Score

10^/10

discordrat persistence rat rootkit stealer vmprotect

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTE5ODU2NTc1MDg2OTM0ODQ4Nw.GEaDVF.SoDWe_1YPV_HyqdlifJ_rW_Ht63qAP64AVKB3A
server_id
1178732805065281556

Targets

- Target
  
  KINGDOM/CE_punch.exe
- Size
  
  78KB
- MD5
  
  8830b86f6d0f948239faede686f17a90
- SHA1
  
  aad1f9d169f47d3fdc3cbf72b148e9e579972376
- SHA256
  
  6cfa953a75f49a0c2b10dde540e925097c9fd9c6eac3dc3383da59fa1c122c00
- SHA512
  
  3b3ccb74da1e172c6f1ae08fe02669dafa9f946730574ecd10f1187776b3c3917efaaf56814ef8fca42c8c2c7c38425bdc27062d7589a102077755f270cdb2c4
- SSDEEP
  
  1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+cPIC:5Zv5PDwbjNrmAE+QIC
Score

10^/10

discordrat persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Discordrat family
  discordrat
behavioral1
- Target
  
  KINGDOM/NewX.vmp.exe
- Size
  
  10.1MB
- MD5
  
  410912bf0fb6f35648644fe15f0db3fd
- SHA1
  
  6e2d57b868372e22b318e79a2bd6da4c2902e75e
- SHA256
  
  e8220c82de5497eecd9b6a92210d6dbac2e1f0b17dc18ef81cbdafbd61a376da
- SHA512
  
  9b3966a2300682f84d3fe41958943c3dbf2b73a8209ee749338a76bf60f240367fa185cb5c80570dca2d539c2e2c7546a462e2b72c3be2887e16253895841c1c
- SSDEEP
  
  196608:lfVjfV9N6JdZIVg48vXBzQN8MEJoUTFBYSg8t/9bG06GiOF:/jfV9sNIq48vXBcNQJoIFSSg8L6XnOF
Score

7^/10

vmprotect
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Drops file in System32 directory
behavioral2
- Target
  
  KINGDOM/lua53-64.dll
- Size
  
  528KB
- MD5
  
  b7c9f1e7e640f1a034be84af86970d45
- SHA1
  
  f795dc3d781b9578a96c92658b9f95806fc9bdde
- SHA256
  
  6d0a06b90213f082cb98950890518c0f08b9fc16dbfab34d400267cb6cdadeff
- SHA512
  
  da63992b68f1112c0d6b33e6004f38e85b3c3e251e0d5457cd63804a49c5aa05aa23249e0614dacad4fec28ca6efdb5ddee06da5bfbfa07e21942976201079f3
- SSDEEP
  
  6144:FshVOadaiL9mUHQMpgL8LgpqClZNKX6SumisBEb/NUidzSky3uDMK/LXTMBQqN5T:hOL9J2L8E5VKKSuLGEhXGstCXoYkc7BV
Score

1^/10
behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

vmprotectdiscordrat

behavioral1

discordratpersistenceratrootkitstealer

behavioral2

behavioral3