discordrat | 148b1a12f3b21c0ced93c01c612108c16128476f076d7e3bdae4c628cd3ce721 | Triage

Sharing

General

Target

148b1a12f3b21c0ced93c01c612108c16128476f076d7e3bdae4c628cd3ce721
Size

801KB
Sample

241228-zgm76aslfq
MD5

7a876eea8b960edd0dd76c20f2ac80e0
SHA1

e4368e08b6f72bf76426f16b446a7ca7cd60f753
SHA256

148b1a12f3b21c0ced93c01c612108c16128476f076d7e3bdae4c628cd3ce721
SHA512

300a74ffbe5c1cdf1f83c9396f72c2a36975338bd40a520a3421dc6325adf865d4bb9d0e75f29d6162e38e054287a0a9e3e61c0684193d9449cc86eddf9d4f54
SSDEEP

12288:oCQjgAtAHM+vetZxF5EWry8AJGy0qxAzv4sPaMdQ/S80ZS20:o5ZWs+OZVEWry8AFrAb4sPBQEY20

Score

10^/10

discordrat persistence rat rootkit spyware stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
OTUzNjY2MTA0NzE3MzY5MzQ0.GO4i8C.zDJ7JBYIXSLXHlJi5Yi6jwoHSErKVO_IQHRGWw
server_id
954371492722933781

Targets

- Target
  
  148b1a12f3b21c0ced93c01c612108c16128476f076d7e3bdae4c628cd3ce721
- Size
  
  801KB
- MD5
  
  7a876eea8b960edd0dd76c20f2ac80e0
- SHA1
  
  e4368e08b6f72bf76426f16b446a7ca7cd60f753
- SHA256
  
  148b1a12f3b21c0ced93c01c612108c16128476f076d7e3bdae4c628cd3ce721
- SHA512
  
  300a74ffbe5c1cdf1f83c9396f72c2a36975338bd40a520a3421dc6325adf865d4bb9d0e75f29d6162e38e054287a0a9e3e61c0684193d9449cc86eddf9d4f54
- SSDEEP
  
  12288:oCQjgAtAHM+vetZxF5EWry8AJGy0qxAzv4sPaMdQ/S80ZS20:o5ZWs+OZVEWry8AFrAb4sPBQEY20
Score

10^/10

discordrat persistence rat rootkit stealer spyware
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Discordrat family
  discordrat
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discordratpersistenceratrootkitstealer

behavioral2

discordratpersistenceratrootkitspywarestealer