discordrat | 399d5632b1f33414b80fd040ec4cdec4a4e008b700d1e41134aab794142a1695 | Triage

Sharing

General

Target

CCleanerPrenium.exe
Size

576KB
Sample

250327-dqdjeswxhv
MD5

e3fbf000f0cb88f22399a9dc2ee979ed
SHA1

5159b6bdd26f852341efce2b1731805f9066b2f0
SHA256

399d5632b1f33414b80fd040ec4cdec4a4e008b700d1e41134aab794142a1695
SHA512

703d579fbbd7732dab0b81ec100d6296ce92e663ec8f1ef7b3d176fd296667ba6e734b60ffc83e4ae28062913b2c969a92de3bf4ff20af723242ccf620ff0b7d
SSDEEP

12288:/ngM8K8P4ElXddah8kyDIZqN4QMkn3J6Vj9b0X:/ngHKYfXTkXy0Zqaa3J490X

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTM1MzgwODUxMjM2NjQxMTc5Ng.GO4sM5.j1mtJd6VCo06QnfdCJwfZCmRJYy7JZ_1Gz8_ic
server_id
1354644327229423779

Targets

- Target
  
  CCleanerPrenium.exe
- Size
  
  576KB
- MD5
  
  e3fbf000f0cb88f22399a9dc2ee979ed
- SHA1
  
  5159b6bdd26f852341efce2b1731805f9066b2f0
- SHA256
  
  399d5632b1f33414b80fd040ec4cdec4a4e008b700d1e41134aab794142a1695
- SHA512
  
  703d579fbbd7732dab0b81ec100d6296ce92e663ec8f1ef7b3d176fd296667ba6e734b60ffc83e4ae28062913b2c969a92de3bf4ff20af723242ccf620ff0b7d
- SSDEEP
  
  12288:/ngM8K8P4ElXddah8kyDIZqN4QMkn3J6Vj9b0X:/ngHKYfXTkXy0Zqaa3J490X
Score

10^/10

discordrat persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Discordrat family
  discordrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discordratpersistenceratrootkitstealer

behavioral2

discordratpersistenceratrootkitstealer