discordrat | abaee704f5c196371eb8b92f161135f5d42d9290c92e2ceb1e7dee10a0d15a4e

General

Target

abaee704f5c196371eb8b92f161135f5d42d9290c92e2ceb1e7dee10a0d15a4e
Size

748KB
Sample

250102-b85draypdm
MD5

4a50c0fac7e7c8c8bab89a1968d24927
SHA1

8315b29f960059621c67b06ce85d8390df61ae53
SHA256

abaee704f5c196371eb8b92f161135f5d42d9290c92e2ceb1e7dee10a0d15a4e
SHA512

d6916f0a844ba8301a24b602411d859e44dedac5077c589fe9ae205f52dddb40b49bced20d3de41abf4a9a979b6171ee1f6b1318b811e460ec615fe2fd875d8f
SSDEEP

12288:8yveQB/fTHIGaPkKEYzURNAwbAg8f0VXGxnB/OBBh+HqXkGDQv88:8uDXTIGaPhEYzUzA0q6XGxZOBlHQv88

Score

10^/10

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMyMzk1NDMyMzI3Mjc2NTQ1MA.GlwOtb.MRk2b9stGIOHJ31nrWHUdCWhTi5zASWKSorIOk
server_id
1323954995678417017

Targets

- Target
  
  abaee704f5c196371eb8b92f161135f5d42d9290c92e2ceb1e7dee10a0d15a4e
- Size
  
  748KB
- MD5
  
  4a50c0fac7e7c8c8bab89a1968d24927
- SHA1
  
  8315b29f960059621c67b06ce85d8390df61ae53
- SHA256
  
  abaee704f5c196371eb8b92f161135f5d42d9290c92e2ceb1e7dee10a0d15a4e
- SHA512
  
  d6916f0a844ba8301a24b602411d859e44dedac5077c589fe9ae205f52dddb40b49bced20d3de41abf4a9a979b6171ee1f6b1318b811e460ec615fe2fd875d8f
- SSDEEP
  
  12288:8yveQB/fTHIGaPkKEYzURNAwbAg8f0VXGxnB/OBBh+HqXkGDQv88:8uDXTIGaPhEYzUzA0q6XGxZOBlHQv88
Score

10^/10

discordrat persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Discordrat family
  discordrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Web Service

1

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Discord RAT

Discordrat family

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2