discordrat | 9acd8e535349390dc697a12ed6c654a0011b95850f20d6dc91a6c3e7dd0a1374 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Pulse.zip
Size

40.8MB
Sample

240222-aszynahf58
MD5

352b977dd6bd00360e7146c5278ede3e
SHA1

f8f998cdaa201f10996b43bf2acec54841987865
SHA256

9acd8e535349390dc697a12ed6c654a0011b95850f20d6dc91a6c3e7dd0a1374
SHA512

5448b4cc19721a4b30e91573932ed077fe9068de9ae93f20c8f9c4364a295688e6266567460151fb89a5656259ac62ab7b5d8fd8e9f83131f884356ceefa88bf
SSDEEP

786432:jAfxvCCLU7/bjppkLU2eT0fFaDGyf5/wU+HMkbZAH/gkAOtSbWR7Db8S:ixvCCLsbzko2G0NhglHIkCO7kS

Score

10^/10

discordrat empyrean persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTE5MjYyNjk3OTI5NjUzMDU4Mg.Gkmw1A.uzdxvrJmBbLe9WAmB3tj-e7z3IRRqJBLc79PR0
server_id
1168288064578256976

Targets

- Target
  
  Pulse/Puls3.exe
- Size
  
  78KB
- MD5
  
  51d9e7c5add36e54a3d502dac1afe1a1
- SHA1
  
  6e688edfed4312cd80eeebc732cee5fbf27c6938
- SHA256
  
  11c74b6ac577cde4263d36a157297570f8cb0fd7a49952dba66f120dace50589
- SHA512
  
  90cee8b03e128fadcf6e46f012d457baf0eb8e3ee0d7f915b9d2c34e79e818a3f82b00169c88820003e7e40392bf050708d768686944ff7726192e3d9e76c03a
- SSDEEP
  
  1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+xPIC:5Zv5PDwbjNrmAE+hIC
Score

10^/10

discordrat persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

discordratempyrean

behavioral1

discordratpersistenceratrootkitstealer

behavioral2

discordratpersistenceratrootkitstealer