discordrat | 628d9e3a5515899777f9b2ef321673cadf93734a035adf1ffedd94cce3c3a499 | Triage

Sharing

General

Target

CatWare-Nuker.exe
Size

290KB
Sample

240225-yz5pgsbb74
MD5

47685feb5e2eeacc958c1efd25633b1a
SHA1

261cafb2622320dc14dcfefc31481628582518c9
SHA256

628d9e3a5515899777f9b2ef321673cadf93734a035adf1ffedd94cce3c3a499
SHA512

887f83ad6444a0b4d6600c27f7db9f4fa60b97362b7ab66ac62e60256b6af2111a67a74e2bf8f638dbd3295b2c18a429e147a4a344a7a7552a6156707ffad9be
SSDEEP

6144:wv5PDwbBrBIYFOb9cYYXNHqicllitUczh6B9R2d9VxYEls1FjJxqa:wv5b8eCrdVc3iT6o9w

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTIxMTA5OTM2NzcyMTc5NTYzNA.G70pQ3.qyY48cmh2SJtYIOWlG3foa8Y6OUXwjioSm1FOU
server_id
1211092147235987486

Targets

- Target
  
  CatWare-Nuker.exe
- Size
  
  290KB
- MD5
  
  47685feb5e2eeacc958c1efd25633b1a
- SHA1
  
  261cafb2622320dc14dcfefc31481628582518c9
- SHA256
  
  628d9e3a5515899777f9b2ef321673cadf93734a035adf1ffedd94cce3c3a499
- SHA512
  
  887f83ad6444a0b4d6600c27f7db9f4fa60b97362b7ab66ac62e60256b6af2111a67a74e2bf8f638dbd3295b2c18a429e147a4a344a7a7552a6156707ffad9be
- SSDEEP
  
  6144:wv5PDwbBrBIYFOb9cYYXNHqicllitUczh6B9R2d9VxYEls1FjJxqa:wv5b8eCrdVc3iT6o9w
Score

10^/10

discordrat persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discordratpersistenceratrootkitstealer

behavioral2

discordratpersistenceratrootkitstealer