discordrat | 55897406bcc2b5c3ba05b57e97bbc69a2eb5a2941b90a2982e2d3c89d57fbfb9 | Triage

Submit
Reports

Overview

overview

Static

static

3

[email protected]

windows10-2004-x64

Sharing

General

Target

[email protected]
Size

302KB
Sample

240225-nqhhgsaf36
MD5

ee6160c1a4a92c9660402f147b560431
SHA1

045c5019a2557de570a7ffc0270d4b4939bbf855
SHA256

55897406bcc2b5c3ba05b57e97bbc69a2eb5a2941b90a2982e2d3c89d57fbfb9
SHA512

64189d777a33eedbac2979af87e196e099565b0ca53f842c74bf2826d3c11a1aeaed82823e9089ac8e28e8b0075f6333e64062c6e92ff2696ffd4b88d29ea811
SSDEEP

6144:vCGaECnpAoDO1A8dg3iTPJLMfgQZycxF+Ii:6GHCnaomAEg3uPdkgWycxF+t

Score

10^/10

discordrat persistence rat rootkit stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

[email protected]

Resource

win10v2004-20240221-en

discordrat persistence rat rootkit stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTIxMDQ1NjY0ODQ1MjQxNTUwOA.Gh0y7q.0U1kmcgYc3Agu4PPdar0sgV_bW8X8ZoS9NlBm8
server_id
1210454330054807572

Targets

- Target
  
  [email protected]
- Size
  
  302KB
- MD5
  
  ee6160c1a4a92c9660402f147b560431
- SHA1
  
  045c5019a2557de570a7ffc0270d4b4939bbf855
- SHA256
  
  55897406bcc2b5c3ba05b57e97bbc69a2eb5a2941b90a2982e2d3c89d57fbfb9
- SHA512
  
  64189d777a33eedbac2979af87e196e099565b0ca53f842c74bf2826d3c11a1aeaed82823e9089ac8e28e8b0075f6333e64062c6e92ff2696ffd4b88d29ea811
- SSDEEP
  
  6144:vCGaECnpAoDO1A8dg3iTPJLMfgQZycxF+Ii:6GHCnaomAEg3uPdkgWycxF+t
Score

10^/10

discordrat persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discordratpersistenceratrootkitstealer

© 2018-2025

Terms | Privacy