discordrat | afc011779e0cbb0f9e2b86054c457f6a0b0a2dcf4a4df09de013c76ed2b552a1

General

Target

afc011779e0cbb0f9e2b86054c457f6a0b0a2dcf4a4df09de013c76ed2b552a1.exe
Size

814KB
Sample

250124-n9hbtsypcn
MD5

477c02d117bd27ba71ea23c7e43e11f7
SHA1

945283d198fdf56b286b27951ee6af7c6eb155c0
SHA256

afc011779e0cbb0f9e2b86054c457f6a0b0a2dcf4a4df09de013c76ed2b552a1
SHA512

3097a138b7c850eb70d7639893c8157b5c546db6732fb337c88ae7573f03ec8c504dbd627c8e3e62f7f401a09ec4816e811e15bf9e8146b258f32e588d7a930c
SSDEEP

12288:8LJZSYMYiORE18Uibjk7WqX1ouQgqlzj+znTfipwMPlhaySdXYAbdE7znYYz:8VgY5bGvBQgqzj+3fitP/upYAbszYYz

Score

10^/10

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMyOTY4MDQ1OTUwMzg5ODYyNA.GrobFq.k-NKOsgA447-8Lu7-dZzPZ88u6DfH4v3Whpvok
server_id
1296062254936096800

Targets

- Target
  
  afc011779e0cbb0f9e2b86054c457f6a0b0a2dcf4a4df09de013c76ed2b552a1.exe
- Size
  
  814KB
- MD5
  
  477c02d117bd27ba71ea23c7e43e11f7
- SHA1
  
  945283d198fdf56b286b27951ee6af7c6eb155c0
- SHA256
  
  afc011779e0cbb0f9e2b86054c457f6a0b0a2dcf4a4df09de013c76ed2b552a1
- SHA512
  
  3097a138b7c850eb70d7639893c8157b5c546db6732fb337c88ae7573f03ec8c504dbd627c8e3e62f7f401a09ec4816e811e15bf9e8146b258f32e588d7a930c
- SSDEEP
  
  12288:8LJZSYMYiORE18Uibjk7WqX1ouQgqlzj+znTfipwMPlhaySdXYAbdE7znYYz:8VgY5bGvBQgqzj+3fitP/upYAbszYYz
Score

10^/10

discordrat persistence rat rootkit stealer upx
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Discordrat family
  discordrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Web Service

1

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Discord RAT

Discordrat family

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2