discordrat | hxxps://github[.]com | Triage

Submit
Reports

Overview

overview

Static

static

1

URLScan

urlscan

https://github.com

windows7-x64

Resubmissions

29-03-2024 12:01

240329-n65mysha44 10

25-03-2024 13:27

240325-qqd66scb3t 1

25-03-2024 10:58

240325-m28clsgg6x 10

Sharing

General

Target

https://github.com
Sample

240329-n65mysha44

Score

10^/10

discordrat stealerium evasion persistence rat rootkit stealer upx

Static task

static1

URLScan task

urlscan1

Behavioral task

behavioral1

Sample

https://github.com

Resource

win7-20240221-en

discordrat stealerium evasion persistence rat rootkit stealer upx

windows7-x64

34 signatures

1800 seconds

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTIwNDE2NTY4Njk3NzYyNjEyMg.GRhsTy.8H7CIfq-yp21uNxoK32TwO-EvLKKe8OdYxHSeY
server_id
1204166943272075375

Extracted

Family

stealerium

C2

https://discord.com/api/webhooks/1198109936962523207/lCQU_FP9ZB1b0q8fk_yTE8P2eBnjZiVz3Zb0cBvBttRQhZqr3Q71JCUV-x38qBEwIjcp

Targets

- Target
  
  https://github.com
Score

10^/10

discordrat stealerium evasion persistence rat rootkit stealer upx
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Stealerium
  An open source info stealer written in C# first seen in May 2022.
  stealer stealerium
- Creates new service(s)
  persistence
- Drops file in Drivers directory
- Sets service image path in registry
  persistence
- Stops running service(s)
  evasion
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Service Stop

Tasks

static1

urlscan1

behavioral1

discordratstealeriumevasionpersistenceratrootkitstealerupx

© 2018-2025

Terms | Privacy