discordrat | b043adb2fe7b0175cc5a83133de3f91c9fcb18c3899566556167b20ad7525961 | Triage

Submit
Reports

Overview

overview

Static

static

3

s.exe

windows10-1703-x64

Sharing

General

Target

s.exe
Size

87.6MB
Sample

240130-yek5cachdr
MD5

f93ef549ba0f00e0a73ca814059e0103
SHA1

8aafb3809cbdee022ec6d4a735788acc8f3e798f
SHA256

b043adb2fe7b0175cc5a83133de3f91c9fcb18c3899566556167b20ad7525961
SHA512

b0bbf622fd6096bfa7436ae9703a98729812a6988d7c44f89e49729bacd020e715970507d454f720d42e0e1b0c0f0a5b5f3c90026134a5ecf2050825c942e626
SSDEEP

1572864:IOLPYmqSiUpFeBrNGpZ7HWdAB7BWFtvIssO9YaqQnqo2ZbhJEw+Jaa:IodqXUpFe5NOWACIw5tgZFJW8

Score

10^/10

discordrat umbral evasion persistence pyinstaller rat rootkit stealer upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

s.exe

Resource

win10-20231215-en

discordrat umbral evasion persistence pyinstaller rat rootkit stealer upx

windows10-1703-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1201223035659759758/D9jpWbZ96iiho5Ap1MRzbzaj6nzawAbRIN0vFZHs3kIfLj8Fkes9NpntqMGdoyLJRKwm

Extracted

Family

discordrat

Attributes

discord_token
MTE5MjA1NDYzMjQ3MDU0NDQzNA.GNEfe8.n8oPT8-5yxOCxz-kqIP5BZC7OkrQBAftptETH4
server_id
1150088366382121101

Targets

- Target
  
  s.exe
- Size
  
  87.6MB
- MD5
  
  f93ef549ba0f00e0a73ca814059e0103
- SHA1
  
  8aafb3809cbdee022ec6d4a735788acc8f3e798f
- SHA256
  
  b043adb2fe7b0175cc5a83133de3f91c9fcb18c3899566556167b20ad7525961
- SHA512
  
  b0bbf622fd6096bfa7436ae9703a98729812a6988d7c44f89e49729bacd020e715970507d454f720d42e0e1b0c0f0a5b5f3c90026134a5ecf2050825c942e626
- SSDEEP
  
  1572864:IOLPYmqSiUpFeBrNGpZ7HWdAB7BWFtvIssO9YaqQnqo2ZbhJEw+Jaa:IodqXUpFe5NOWACIw5tgZFJW8
Score

10^/10

discordrat umbral evasion persistence pyinstaller rat rootkit stealer upx
- Deletes Windows Defender Definitions
  Uses mpcmdrun utility to delete all AV definitions.
  evasion
- Detect Umbral payload
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Umbral
  Umbral stealer is an opensource moduler stealer written in C#.
  stealer umbral
- Enumerates VirtualBox DLL files
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Virtualization/Sandbox Evasion

Credential Access

Discovery

File and Directory Discovery

Process Discovery

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discordratumbralevasionpersistencepyinstallerratrootkitstealerupx

© 2018-2025

Terms | Privacy