discordrat | d8d70f8222cb043f5827c80bb28ccaf7266a39363da28dcf885cda271b8a62ca | Triage

Sharing

General

Target

nezur.exe
Size

78KB
Sample

240225-mpff3aae61
MD5

e831f10cb1c43f28a9658112b7ec6559
SHA1

3de63160c452d10ebb7110efcacc8381437ad740
SHA256

d8d70f8222cb043f5827c80bb28ccaf7266a39363da28dcf885cda271b8a62ca
SHA512

f779d384a427cb5908ca6ab8a2225c8a728aed2c98214a8341e890a320dde39b3686bed2ee39b218f0e4549c22db4873cdbb394efb6904d9d7a330c6c28ed322
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+lPIC:5Zv5PDwbjNrmAE+1IC

Score

10^/10

discordrat persistence rat rootkit spyware stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTIxMTIyODQ1ODYzODkwNTM0NA.Gc5rxI.tki81IIJdEi8ki427aBYEnXg_1rjEWPO21iAY0
server_id
1210969019700486185

Targets

- Target
  
  nezur.exe
- Size
  
  78KB
- MD5
  
  e831f10cb1c43f28a9658112b7ec6559
- SHA1
  
  3de63160c452d10ebb7110efcacc8381437ad740
- SHA256
  
  d8d70f8222cb043f5827c80bb28ccaf7266a39363da28dcf885cda271b8a62ca
- SHA512
  
  f779d384a427cb5908ca6ab8a2225c8a728aed2c98214a8341e890a320dde39b3686bed2ee39b218f0e4549c22db4873cdbb394efb6904d9d7a330c6c28ed322
- SSDEEP
  
  1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+lPIC:5Zv5PDwbjNrmAE+1IC
Score

10^/10

discordrat persistence rat rootkit spyware stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Downloads MZ/PE file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discordratpersistenceratrootkitspywarestealer