discordrat | fd87009643f3b6cfa5f335c2a1d2c4d1dc0ca6106a4d7f75734eada3b95f3d76 | Triage

Submit
Reports

Overview

overview

Static

static

3

execut0r.exe

windows11-21h2-x64

Sharing

General

Target

execut0r.exe
Size

8.8MB
Sample

240304-wzpl6aad63
MD5

9b6717d0b11c5dbff515dded2d5eec8b
SHA1

9812786de0e8d6ab2a8802b35753b4d29bbdaaaa
SHA256

fd87009643f3b6cfa5f335c2a1d2c4d1dc0ca6106a4d7f75734eada3b95f3d76
SHA512

1a0160930baf2d900dbf39d48def7af6966c9dc16906d472697e2c168b6b6712699513dc0e8a2c2119486b8f5ff83edfc0bf0d5ab0cd6222c0e3a7c502184883
SSDEEP

196608:3V5xiBq1qBIsqgHi+YI5bcZc8QXEM3SuZHUWaTpC:F5Mk1quz+YIiZcN3Su5UxpC

Score

10^/10

discordrat persistence pyinstaller rat rootkit spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

execut0r.exe

Resource

win11-20240221-en

discordrat persistence pyinstaller rat rootkit spyware stealer

windows11-21h2-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTE5NzYwOTgxMzYwMTk1OTk4Ng.GgsKXB.EHNlZThtGnz_SHhuJyaCkxAQVdMHBW1S3Y1PI0
server_id
1197608956537872415

Targets

- Target
  
  execut0r.exe
- Size
  
  8.8MB
- MD5
  
  9b6717d0b11c5dbff515dded2d5eec8b
- SHA1
  
  9812786de0e8d6ab2a8802b35753b4d29bbdaaaa
- SHA256
  
  fd87009643f3b6cfa5f335c2a1d2c4d1dc0ca6106a4d7f75734eada3b95f3d76
- SHA512
  
  1a0160930baf2d900dbf39d48def7af6966c9dc16906d472697e2c168b6b6712699513dc0e8a2c2119486b8f5ff83edfc0bf0d5ab0cd6222c0e3a7c502184883
- SSDEEP
  
  196608:3V5xiBq1qBIsqgHi+YI5bcZc8QXEM3SuZHUWaTpC:F5Mk1quz+YIiZcN3Su5UxpC
Score

10^/10

discordrat persistence pyinstaller rat rootkit spyware stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discordratpersistencepyinstallerratrootkitspywarestealer

© 2018-2025

Terms | Privacy