Overview

overview

10

Static

static

3

skin1gnp.scr

windows7-x64

10

skin1gnp.scr

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    skin1gnp.scr

  • Size

    307KB

  • Sample

    250219-ssea3atmej

  • MD5

    8f7810381f42d29134a4ac5087a92a42

  • SHA1

    8eb837f7e26aa5c2b6ef5b18705f6f097f140bea

  • SHA256

    caeea16149010bd02cbe3a054fcdd9fba47497f3e3e9c546e54c0785d2f8f04d

  • SHA512

    0dd70d23abd2ccf1d70bb2b7e6062815da45c943cf95a5b48a695d546b9a2fa1dad3c8316c89aa8b1438f3c5bd2ed0489dc9a8303f3ef73137ec994838f7b7c2

  • SSDEEP

    6144:dTouKrWBEu3/Z2lpGDHU3ykJkNb3T/IDDjkiAgHFh:dToPWBv/cpGrU3yJNb3jIYhQFh

Score
10/10
discordratdiscoverypersistenceratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTIyMzkzMDI5MjY4Nzg2Mzg3OQ.GCQy-9.zSkHr2ex6TmqW70MMKmAeduFkI1B5WhgY-dPIw

  • server_id

    1189610200676708393

Targets

    • Target

      skin1gnp.scr

    • Size

      307KB

    • MD5

      8f7810381f42d29134a4ac5087a92a42

    • SHA1

      8eb837f7e26aa5c2b6ef5b18705f6f097f140bea

    • SHA256

      caeea16149010bd02cbe3a054fcdd9fba47497f3e3e9c546e54c0785d2f8f04d

    • SHA512

      0dd70d23abd2ccf1d70bb2b7e6062815da45c943cf95a5b48a695d546b9a2fa1dad3c8316c89aa8b1438f3c5bd2ed0489dc9a8303f3ef73137ec994838f7b7c2

    • SSDEEP

      6144:dTouKrWBEu3/Z2lpGDHU3ykJkNb3T/IDDjkiAgHFh:dToPWBv/cpGrU3yJNb3jIYhQFh

    Score
    10/10
    discordratdiscoverypersistenceratrootkitstealer

    • Discord RAT

      A RAT written in C# using Discord as a C2.

      stealerrootkitratpersistencediscordrat

    • Discordrat family

      discordrat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks