discordrat | 8cd446387f47cd667943aba6e1e636c36fe07fb2dbc0990201fb3552ca8077e4 | Triage

Resubmissions

19-03-2024 16:53

240319-vd25pagh87 10

19-03-2024 16:51

240319-vcxhtagh56 10

Sharing

General

Target

silence.rar
Size

726KB
Sample

240319-vcxhtagh56
MD5

eb5b9e0f7e86d9d747afc116edfad2eb
SHA1

42b2cf0788d4850e0d4579b070e0ddd003f56968
SHA256

8cd446387f47cd667943aba6e1e636c36fe07fb2dbc0990201fb3552ca8077e4
SHA512

a43aeb76d2181556f5a7066ca3870cc34d83643f2500601653bf743185bdf6393bf98a2b6afee8dfe516c90b8cb78b1c727dbf36009daeed4400cccf354c6449
SSDEEP

12288:b8+iQ/KYfMFV1D0Zm/cLmEU3f+c8ZSu0nIdyAVdZ/1fF2EWxWsiFjbayXu8OOjph:bx/KWr3Ls3j8wu0IdfVTNnWiu8OOn

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTIwODA5NTM2NDk2MDM1NDM3NA.GizXN5._a-pu5nHBPQiBTo-MibYQvf7mDtkutfsttwhUo
server_id
1208095629734322196

Targets

- Target
  
  silence/silence-workspace.exe
- Size
  
  1.7MB
- MD5
  
  839a13e8b65aab0cb6d061ac82a8e3d4
- SHA1
  
  3de9d9d68c94493867bcb081d093bf39d45bf923
- SHA256
  
  a8741e78c8b8b86042814e65b5a7ab358f1050757de3738a0d358097db996bd3
- SHA512
  
  ea2ded5b24dc88af32673957a7cc85c5b602fec5731c4af4d3cb9859009f0af6d2b9b629253090d23715af3b8030fc5727612f92a5339e08748fad5694eff2bc
- SSDEEP
  
  49152:O0xx0GTBlPBAc2AVMlsHbeucMYc5pSoUiGG8:OWTkcH3Hyo
Score

10^/10

discordrat persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Executes dropped EXE
- Loads dropped DLL
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discordratpersistenceratrootkitstealer