discordrat | 4c8339c4f86b67e16c8840e953771bae4c13395e3ed512a15564be948275e39a | Triage

Sharing

General

Target

MentarLossUpdate.exe
Size

78KB
Sample

240229-zdvstsbg8y
MD5

2e007e2d8f5ca6a1f57562573798b65c
SHA1

08e58cc517f07a15df237dad8b0c883a75dc69a8
SHA256

4c8339c4f86b67e16c8840e953771bae4c13395e3ed512a15564be948275e39a
SHA512

815f555000a88b7e10ffff924205bac051ed2276b795cf7697d90ca95d3a48867e016c79b7964cf1f66d9da7919e5f83c4a4c13693c335e0f52b9469e610bc52
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+pPIC:5Zv5PDwbjNrmAE+ZIC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTIxMjIyMTExOTEwOTc5MTg0NA.GSxPDa.WoIS-Jic_avy2czubqMhJTApb7-gSDPlpVayIY
server_id
1212208594473197568

Targets

- Target
  
  MentarLossUpdate.exe
- Size
  
  78KB
- MD5
  
  2e007e2d8f5ca6a1f57562573798b65c
- SHA1
  
  08e58cc517f07a15df237dad8b0c883a75dc69a8
- SHA256
  
  4c8339c4f86b67e16c8840e953771bae4c13395e3ed512a15564be948275e39a
- SHA512
  
  815f555000a88b7e10ffff924205bac051ed2276b795cf7697d90ca95d3a48867e016c79b7964cf1f66d9da7919e5f83c4a4c13693c335e0f52b9469e610bc52
- SSDEEP
  
  1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+pPIC:5Zv5PDwbjNrmAE+ZIC
Score

10^/10

discordrat persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discordratpersistenceratrootkitstealer

behavioral2

discordratpersistenceratrootkitstealer