discordrat | 445e8e980c9ed096e55898149a625d436686b24d870c0ed08ae81b97ed4d5866 | Triage

Sharing

General

Target

friegpj.exe
Size

521KB
Sample

250416-y7fqbsyq15
MD5

fa686ae2f0713ae1b02296047ebcc87d
SHA1

c07002d6a973789c28091495fc36e7ce1f2db93d
SHA256

445e8e980c9ed096e55898149a625d436686b24d870c0ed08ae81b97ed4d5866
SHA512

1ccb1877fe52a399a1dc4c2ac1de8c3f56772b13cd0bec053558fc90334bd291894b49f57120f0f9388431498df91be082ae5ac7bc18db3b5abc367d521f3f51
SSDEEP

12288:ZyveQB/fTHIGaPkKEYzURNAwbAg8XIAVVsaz1J/CS:ZuDXTIGaPhEYzUzA0qpdzHaS

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTM2MTg0MjQwNDY2Mjk2ODQ0Mg.GbO_ZS.7BypD_7qCEnOjM1Bcz1ic7kfHpyO7HfeBvYCVY
server_id
1361842784121782312

Targets

- Target
  
  friegpj.exe
- Size
  
  521KB
- MD5
  
  fa686ae2f0713ae1b02296047ebcc87d
- SHA1
  
  c07002d6a973789c28091495fc36e7ce1f2db93d
- SHA256
  
  445e8e980c9ed096e55898149a625d436686b24d870c0ed08ae81b97ed4d5866
- SHA512
  
  1ccb1877fe52a399a1dc4c2ac1de8c3f56772b13cd0bec053558fc90334bd291894b49f57120f0f9388431498df91be082ae5ac7bc18db3b5abc367d521f3f51
- SSDEEP
  
  12288:ZyveQB/fTHIGaPkKEYzURNAwbAg8XIAVVsaz1J/CS:ZuDXTIGaPhEYzUzA0qpdzHaS
Score

10^/10

discordrat persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Discordrat family
  discordrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discordratpersistenceratrootkitstealer

behavioral2

discordratpersistenceratrootkitstealer