discordrat | 724d531533e4a6b96dfcc3347069ee55dd542834f069b84dd2df5df60d2f912d | Triage

Sharing

General

Target

nerdygpj.exe
Size

655KB
Sample

250126-j835paxrfq
MD5

aa3de6b9ed16dc25882512643f5b5d6f
SHA1

5d6dac51c993d6d11502d9f6cb77e41f5dacd609
SHA256

724d531533e4a6b96dfcc3347069ee55dd542834f069b84dd2df5df60d2f912d
SHA512

9169a82e6e1268ad995b2b577e5a74882dfc1021693bd2b05cf0897bd357560faa22ceac4b144805a27bc8718c8c217c83280ecad09871ae8d83369e80cd79ae
SSDEEP

12288:lyveQB/fTHIGaPkKEYzURNAwbAg8VRdx0yEyraRxmqr:luDXTIGaPhEYzUzA0qfdx0yhrLW

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMzMjk4MTU1MzE2ODM4ODExNg.GEFbth.pkE5BLc6R0gzV4Q6-vvFbkxuMkkG0am3UW0Lkc
server_id
1332982186072342528

Targets

- Target
  
  nerdygpj.exe
- Size
  
  655KB
- MD5
  
  aa3de6b9ed16dc25882512643f5b5d6f
- SHA1
  
  5d6dac51c993d6d11502d9f6cb77e41f5dacd609
- SHA256
  
  724d531533e4a6b96dfcc3347069ee55dd542834f069b84dd2df5df60d2f912d
- SHA512
  
  9169a82e6e1268ad995b2b577e5a74882dfc1021693bd2b05cf0897bd357560faa22ceac4b144805a27bc8718c8c217c83280ecad09871ae8d83369e80cd79ae
- SSDEEP
  
  12288:lyveQB/fTHIGaPkKEYzURNAwbAg8VRdx0yEyraRxmqr:luDXTIGaPhEYzUzA0qfdx0yhrLW
Score

10^/10

discordrat persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Discordrat family
  discordrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discordratpersistenceratrootkitstealer

behavioral2

discordratpersistenceratrootkitstealer