discordrat | e53d2667d4053344b06c08fcecb5ae0dedb601472a3fd4480ddef7552dcd8627 | Triage

Sharing

General

Target

Steamtools.exe
Size

631KB
Sample

250220-t4ayfszlbq
MD5

9b0ba8ff1c3ffde041a4f947f96a575a
SHA1

605be10ee1d94239136feb3f66b9c4c7cacc42f8
SHA256

e53d2667d4053344b06c08fcecb5ae0dedb601472a3fd4480ddef7552dcd8627
SHA512

e0410eaf06636daa2fd8ae3be7e93322b4c44e7c32911e2aba687fe65114c95be90c55f0a164fef6c575bc1a8f5c02d3451889f435320b42c2a7102a879c6b3a
SSDEEP

12288:PngM8K8P4ElXddah8kyDIZJOJ4mSveVXiJj:PngHKYfXTkXy0ZJOmZveVX6j

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTM0MTg3MTQxMjMxMDE4Mzk1Nw.GO2rpZ.zJW0tIz3zU5xm48BymjnpIa2RQT1b4pOBWtoZ4
server_id
1341871916662919299

Targets

- Target
  
  Steamtools.exe
- Size
  
  631KB
- MD5
  
  9b0ba8ff1c3ffde041a4f947f96a575a
- SHA1
  
  605be10ee1d94239136feb3f66b9c4c7cacc42f8
- SHA256
  
  e53d2667d4053344b06c08fcecb5ae0dedb601472a3fd4480ddef7552dcd8627
- SHA512
  
  e0410eaf06636daa2fd8ae3be7e93322b4c44e7c32911e2aba687fe65114c95be90c55f0a164fef6c575bc1a8f5c02d3451889f435320b42c2a7102a879c6b3a
- SSDEEP
  
  12288:PngM8K8P4ElXddah8kyDIZJOJ4mSveVXiJj:PngHKYfXTkXy0ZJOmZveVX6j
Score

10^/10

discordrat persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Discordrat family
  discordrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discordratpersistenceratrootkitstealer

behavioral2

discordratpersistenceratrootkitstealer