discordrat | 5cac485680e36e9e3cea0867d1373edff3a8995a20d21a2b7aa38247a0a3eb1d | Triage

Submit
Reports

Overview

overview

Static

static

3

spoofer.exe

windows7-x64

spoofer.exe

windows10-2004-x64

Sharing

General

Target

spoofer.exe
Size

442KB
Sample

240119-19mmrsfbe8
MD5

d5a84036071756dee960de255bd6ab94
SHA1

83b439582a8f3392f18dde97b56d937c518b1cd2
SHA256

5cac485680e36e9e3cea0867d1373edff3a8995a20d21a2b7aa38247a0a3eb1d
SHA512

fe0dec1e8422d9dd74431ccccff23e7083d356498ff98dc1c5680e1553c5145dbf1c854e48263c5d58a18c87c7bc7016294518ec1491045da7f62c1077a07779
SSDEEP

12288:3o0NHvykT8QNmJCDWs2qUa3zYgNl3Qc65snvJ:3phFT8QC6WsVUM7NxQcsaJ

Score

10^/10

discordrat umbral evasion persistence rat rootkit stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

spoofer.exe

Resource

win7-20231215-en

discordrat umbral evasion persistence rat rootkit stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

spoofer.exe

Resource

win10v2004-20231222-en

discordrat umbral evasion persistence rat rootkit stealer trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTE5MzczNzA3MzIzNzE4MDQyNg.GQDWc0.k4Yc3XgNEdmji15f8P6ui2A0sVB2zvpOmkNPlw
server_id
1196510448573489273

Extracted

Family

umbral

C2

https://ptb.discord.com/api/webhooks/1197286741825048616/mPoY62Pti_IE-hGcDYD9Kd5GhKzKQHzuySPby-xlg9GCRDWrviTGJ9au_QMU1pKDVh50

Targets

- Target
  
  spoofer.exe
- Size
  
  442KB
- MD5
  
  d5a84036071756dee960de255bd6ab94
- SHA1
  
  83b439582a8f3392f18dde97b56d937c518b1cd2
- SHA256
  
  5cac485680e36e9e3cea0867d1373edff3a8995a20d21a2b7aa38247a0a3eb1d
- SHA512
  
  fe0dec1e8422d9dd74431ccccff23e7083d356498ff98dc1c5680e1553c5145dbf1c854e48263c5d58a18c87c7bc7016294518ec1491045da7f62c1077a07779
- SSDEEP
  
  12288:3o0NHvykT8QNmJCDWs2qUa3zYgNl3Qc65snvJ:3phFT8QC6WsVUM7NxQcsaJ
Score

10^/10

discordrat umbral evasion persistence rat rootkit stealer trojan
- Detect Umbral payload
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Modifies security service
  evasion
- Umbral
  Umbral stealer is an opensource moduler stealer written in C#.
  stealer umbral
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discordratumbralevasionpersistenceratrootkitstealertrojan

behavioral2

discordratumbralevasionpersistenceratrootkitstealertrojan

© 2018-2025

Terms | Privacy