discordrat | c0165cd17b88713f3a696381b81395c2fa6b5906f56fe8fc88ea8bc3a79917ba

General

Target

c0165cd17b88713f3a696381b81395c2fa6b5906f56fe8fc88ea8bc3a79917ba
Size

278KB
Sample

250123-hngkhsxqd1
MD5

647f7c23154548a9db378c586a9a592d
SHA1

2ec68e4345f61c046707665222ba8f544ad15506
SHA256

c0165cd17b88713f3a696381b81395c2fa6b5906f56fe8fc88ea8bc3a79917ba
SHA512

8e62397249e5cc753333bc08f7dd72e7cebb2f196bd60cbe5d85ff277bc85436f785146cc38296e1430bf11f7effba3ea68b911a5e8ca120c0467b63216d6b44
SSDEEP

3072:F5L+TmkCC/6H7VAyZjFVA+Z89peccopp0pbpC5it2TMWeG:F5aVpeccopp0pbpuTMW9

Score

10^/10

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMzMDk2MzQyNTIzMjQyNTA5Mw.GGR2C3.2c1fbdjdBTKFuuehMq5J2B6hloWwpn1KByBAoo
server_id
1330576263034699828

Targets

- Target
  
  c0165cd17b88713f3a696381b81395c2fa6b5906f56fe8fc88ea8bc3a79917ba
- Size
  
  278KB
- MD5
  
  647f7c23154548a9db378c586a9a592d
- SHA1
  
  2ec68e4345f61c046707665222ba8f544ad15506
- SHA256
  
  c0165cd17b88713f3a696381b81395c2fa6b5906f56fe8fc88ea8bc3a79917ba
- SHA512
  
  8e62397249e5cc753333bc08f7dd72e7cebb2f196bd60cbe5d85ff277bc85436f785146cc38296e1430bf11f7effba3ea68b911a5e8ca120c0467b63216d6b44
- SSDEEP
  
  3072:F5L+TmkCC/6H7VAyZjFVA+Z89peccopp0pbpC5it2TMWeG:F5aVpeccopp0pbpuTMW9
Score

10^/10

discordrat persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Discordrat family
  discordrat
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Web Service

1

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Discord RAT

Discordrat family

Downloads MZ/PE file

Checks computer location settings

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2