discordrat | 7c025b2421e49f55f97484db876940a4be40ad66180745bf5cbf27242aa5d433 | Triage

Sharing

General

Target

fortnite‮gpj.exe
Size

872KB
Sample

250106-fy3jmaxkcz
MD5

1e2050af9bccc9a8766a43fb83b9b1f0
SHA1

d26c33e6c6db918dccbd538877e301b28c90307e
SHA256

7c025b2421e49f55f97484db876940a4be40ad66180745bf5cbf27242aa5d433
SHA512

cf6c4085b0a260e920cb737c50cdce42fcf684120005072b6f4dd125ad058c142fc51220695d0b2ebc1e4c9e74283f5eb091b709a58e92ba8f0545bba4e116f6
SSDEEP

24576:X5ZWs+OZVEWry8AFBn+yHDB17T4ZQqKkFPJ1x1CwrNa6h8kQU17l:JZB1G8Yt+yjT/joFzxr46houl

Score

10^/10

discordrat persistence ransomware rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTE3MDQzNjc1NDU1NDI0NTE4MA.G8c-n6.n5Z1nJRp3yw5c3HWGqwGMY-vuXkB44mjt5C8jE
server_id
1298154591732629564

Targets

- Target
  
  fortnite‮gpj.exe
- Size
  
  872KB
- MD5
  
  1e2050af9bccc9a8766a43fb83b9b1f0
- SHA1
  
  d26c33e6c6db918dccbd538877e301b28c90307e
- SHA256
  
  7c025b2421e49f55f97484db876940a4be40ad66180745bf5cbf27242aa5d433
- SHA512
  
  cf6c4085b0a260e920cb737c50cdce42fcf684120005072b6f4dd125ad058c142fc51220695d0b2ebc1e4c9e74283f5eb091b709a58e92ba8f0545bba4e116f6
- SSDEEP
  
  24576:X5ZWs+OZVEWry8AFBn+yHDB17T4ZQqKkFPJ1x1CwrNa6h8kQU17l:JZB1G8Yt+yjT/joFzxr46houl
Score

10^/10

discordrat persistence rat rootkit stealer ransomware
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Discordrat family
  discordrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

discordratpersistenceratrootkitstealer

behavioral2

discordratpersistenceransomwareratrootkitstealer