discordrat | 820e078ba20a1d71567e03ba9ded74fba3783a332123141333b315c9e5a5a02a

General

Target

Valhacks_1.exe
Size

719KB
Sample

250112-z8q35azmav
MD5

4ec8339947d7cbb008baf517fcab0707
SHA1

6a29ca741ef10473b4b6c5af1caf899bc00ad87d
SHA256

820e078ba20a1d71567e03ba9ded74fba3783a332123141333b315c9e5a5a02a
SHA512

3bba68339f56b1c27987e12ab3052f0b4b18ddd4705ef962224d317d14fc8b0910e6cceb422ea2905b7923b20a289a19fb30d22d2c4904dce4ccaee760a6fc54
SSDEEP

12288:zCQjgAtAHM+vetZxF5EWry8AJGy0yvrVBHUl061yhp0xCkScaddIXEBObLJMjJN:z5ZWs+OZVEWry8AFBDVBHUl06YhpmA9D

Score

10^/10

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI0NjU2Mzk3NzA5MDE3MDg5MA.GSGnYD.mZ5A67Z0aJaltBR9NnuG2KEdqkMRU6_UcPS7N4
server_id
1246564755443814531

Targets

- Target
  
  Valhacks_1.exe
- Size
  
  719KB
- MD5
  
  4ec8339947d7cbb008baf517fcab0707
- SHA1
  
  6a29ca741ef10473b4b6c5af1caf899bc00ad87d
- SHA256
  
  820e078ba20a1d71567e03ba9ded74fba3783a332123141333b315c9e5a5a02a
- SHA512
  
  3bba68339f56b1c27987e12ab3052f0b4b18ddd4705ef962224d317d14fc8b0910e6cceb422ea2905b7923b20a289a19fb30d22d2c4904dce4ccaee760a6fc54
- SSDEEP
  
  12288:zCQjgAtAHM+vetZxF5EWry8AJGy0yvrVBHUl061yhp0xCkScaddIXEBObLJMjJN:z5ZWs+OZVEWry8AFBDVBHUl06YhpmA9D
Score

10^/10

discordrat persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Discordrat family
  discordrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Web Service

1

T1102

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Discord RAT

Discordrat family

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2