discordrat | 1292831cac53fa6506f00494bb417c3ba00965a04563eab98e392f95902699e1 | Triage

Sharing

General

Target

250207-bxt4mstmhy_pw_infected.zip
Size

349KB
Sample

250207-ett61syjhy
MD5

d278e37026cc89aa578e65fcd2e46f7b
SHA1

dca79c6f06e5bd0ec336f3e7a47eebde3c2329d8
SHA256

1292831cac53fa6506f00494bb417c3ba00965a04563eab98e392f95902699e1
SHA512

258b84bcafee7c10d2c8cf8b21adc4a87df76a98f5ef4181ad7248226f7480a2e948a7a7fc545e23113f185351d3a4674f3ac7588963d736d905f8d1cab7486b
SSDEEP

6144:5OHHo3ozK3nwGoF79zCHuf9PyZdZ5meYVSk1mMOOEHWB74EbEBOo:soj3nzGZCHGQZVm717P7n6v

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMzNjE1MzM2MTU3MzIxNjM0Ng.G2Ga3O.6fY2Q_xGRBTkZD6yro26PYZ_j0hEJCFaIweb3k
server_id
1335778556487139340

Targets

- Target
  
  built.sfx.exe
- Size
  
  550KB
- MD5
  
  9f845faa8d20bca0ad5b562c49984226
- SHA1
  
  5d9b152c9687f8f8e6359e5f9b3da34dc4ae1448
- SHA256
  
  0fc69c69c41de8a3a9b20b7387ebda3cd6948d25da1755c20404fdefdda53555
- SHA512
  
  eabcbf804b7090ad2a31af90e6072bbe86bc2d9870306dae2c4262b3588f042d4248591cc665d5167626403a5f6ced92dde7161e933aaecea08bc3b8323a3adb
- SSDEEP
  
  12288:NenOND3GsvSAQoReDhwAZbmajZk/f7SGqlJ6P:gnOlW8SnXFwAtmajGOGqiP
Score

10^/10

discordrat persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Discordrat family
  discordrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discordratpersistenceratrootkitstealer

behavioral2

discordratpersistenceratrootkitstealer