discordrat | 269a629068ef029d5432e001a3744fa87753a3c62dee5dd022e461f94f849ee5

General

Target

269a629068ef029d5432e001a3744fa87753a3c62dee5dd022e461f94f849ee5
Size

520KB
Sample

241226-2l748stlex
MD5

7e26d878b40e1e18d7a8502adb7786ee
SHA1

6ec71f9b6b4ed98c6ad17598cebfd2dbb2002355
SHA256

269a629068ef029d5432e001a3744fa87753a3c62dee5dd022e461f94f849ee5
SHA512

c14613e37c3f7418ab289d92372677251d32663ac49d530d4f249014977e7d89dafd2f1b644dc2a4173d47e89e3b38d436da6a79425bcedb99736d7dee4d0ab6
SSDEEP

12288:EyveQB/fTHIGaPkKEYzURNAwbAg8jTYiGwbc:EuDXTIGaPhEYzUzA0qDGwbc

Score

10^/10

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMyMTM0MDQzMjc0Mjg3OTI3Mw.GMUugK._6Rg19IMHnSVA-dlu-NIekKS1NnRtnrMEh3n08
server_id
1321339493286019134

Targets

- Target
  
  269a629068ef029d5432e001a3744fa87753a3c62dee5dd022e461f94f849ee5
- Size
  
  520KB
- MD5
  
  7e26d878b40e1e18d7a8502adb7786ee
- SHA1
  
  6ec71f9b6b4ed98c6ad17598cebfd2dbb2002355
- SHA256
  
  269a629068ef029d5432e001a3744fa87753a3c62dee5dd022e461f94f849ee5
- SHA512
  
  c14613e37c3f7418ab289d92372677251d32663ac49d530d4f249014977e7d89dafd2f1b644dc2a4173d47e89e3b38d436da6a79425bcedb99736d7dee4d0ab6
- SSDEEP
  
  12288:EyveQB/fTHIGaPkKEYzURNAwbAg8jTYiGwbc:EuDXTIGaPhEYzUzA0qDGwbc
Score

10^/10

discordrat persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Discordrat family
  discordrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Web Service

1

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Discord RAT

Discordrat family

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2