Overview

overview

10

Static

static

10

TRT.exe

windows7-x64

10

TRT.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    TRT.exe

  • Size

    78KB

  • Sample

    250106-13draaznat

  • MD5

    dc350fb27cef847db894d4704faac60a

  • SHA1

    cb671a35127562cb8d20c92e471f0841b6b14ba1

  • SHA256

    7bf5ffd27f4de79d44dfed376fde5f58c9b8479b1b102e88881ad4b4b218f5f0

  • SHA512

    d4abde46cfea25f8645e3a4920944d0f7676418ae5c4d22256021ac3a7566c3b41ad812d26c10da344894c35b5457057f1184b42e3b5d83b96177606d326a63d

  • SSDEEP

    1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+CpPIC:5Zv5PDwbjNrmAE+oIC

Score
10/10
discordratdiscoverypersistenceratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTMyNTg4NDM2NjcxNDMxMDY3Ng.Gc_wqW.b2EmK8XaLOl-3gOmCEBQuc_xctgLo2BaBegyQQ

  • server_id

    1325882884120383539

Targets

    • Target

      TRT.exe

    • Size

      78KB

    • MD5

      dc350fb27cef847db894d4704faac60a

    • SHA1

      cb671a35127562cb8d20c92e471f0841b6b14ba1

    • SHA256

      7bf5ffd27f4de79d44dfed376fde5f58c9b8479b1b102e88881ad4b4b218f5f0

    • SHA512

      d4abde46cfea25f8645e3a4920944d0f7676418ae5c4d22256021ac3a7566c3b41ad812d26c10da344894c35b5457057f1184b42e3b5d83b96177606d326a63d

    • SSDEEP

      1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+CpPIC:5Zv5PDwbjNrmAE+oIC

    Score
    10/10
    discordratpersistenceratrootkitstealerdiscovery

    • Discord RAT

      A RAT written in C# using Discord as a C2.

      stealerrootkitratpersistencediscordrat

    • Discordrat family

      discordrat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks