discordrat | 3132f93211d109aa3f296f62f2b6a78c7188c580879d0567569c17fbec4df0d4

General

Target

3132f93211d109aa3f296f62f2b6a78c7188c580879d0567569c17fbec4df0d4N.exe
Size

312KB
Sample

241226-fpbdsaxnhp
MD5

6105f3ca178dffdc8aa36e3dff7cb240
SHA1

5ef13cd04a4058f670b4af9625e3e4709fb1e5bb
SHA256

3132f93211d109aa3f296f62f2b6a78c7188c580879d0567569c17fbec4df0d4
SHA512

40fe167b4960fc8d6d8ac6898950870d4a41e4660879ef220c64a9a13e9277ec60fea936140ee5670299816a2efcbd7cc6bf9f741d593f19554ef343d9a0bdcd
SSDEEP

6144:hIIcrXQ4S33w614mazUBHfSdocWYD24BfiDFinGTH8Lr:/crNS33L10QdrX4fqinGALr

Score

10^/10

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMxOTg2OTgyOTM2MDEyODA3MQ.G49tLk.gKrl1f-9DXCakQDl5EQiEC-4rrMdZtmrIPsZ_M
server_id
1319869367160275024

Targets

- Target
  
  3132f93211d109aa3f296f62f2b6a78c7188c580879d0567569c17fbec4df0d4N.exe
- Size
  
  312KB
- MD5
  
  6105f3ca178dffdc8aa36e3dff7cb240
- SHA1
  
  5ef13cd04a4058f670b4af9625e3e4709fb1e5bb
- SHA256
  
  3132f93211d109aa3f296f62f2b6a78c7188c580879d0567569c17fbec4df0d4
- SHA512
  
  40fe167b4960fc8d6d8ac6898950870d4a41e4660879ef220c64a9a13e9277ec60fea936140ee5670299816a2efcbd7cc6bf9f741d593f19554ef343d9a0bdcd
- SSDEEP
  
  6144:hIIcrXQ4S33w614mazUBHfSdocWYD24BfiDFinGTH8Lr:/crNS33L10QdrX4fqinGALr
Score

10^/10

discordrat discovery persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Discordrat family
  discordrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Discord RAT

Discordrat family

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2