discordrat | 34e3ef1782f00fc1145dcd343ad0bb4dd3b1e6b339ec44e894457ed993c96180 | Triage

Sharing

General

Target

free_robux.exe
Size

60KB
Sample

240414-xx91rabc85
MD5

2e507f0800812783436579e8c6b39c08
SHA1

ab33967acff2c926af1b37665d552242cda0c66b
SHA256

34e3ef1782f00fc1145dcd343ad0bb4dd3b1e6b339ec44e894457ed993c96180
SHA512

5f085ce73807baf14888de4f6ea2e0fb0ec3f60dfbd4de5db219d434a0b69044d7f434f7f7e295572b925f0fba5dacc3debb8adda6d4f51f555883774dcafa50
SSDEEP

768:HX06/2vJPE9g8CoiesliFBl3WnWRPlNz30iB9L1zIOJlqYWoK4Xo:E6/2vO9g8CoiedwWRNxDzaoc

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTA2ODI0MTMyMDk4MTgyNzU5NA.GDi6tE.t2T-c9UBEtvdju9XJt2A5HWfqJ2wasQ2apTfdg
server_id
1068241914974974063

Targets

- Target
  
  free_robux.exe
- Size
  
  60KB
- MD5
  
  2e507f0800812783436579e8c6b39c08
- SHA1
  
  ab33967acff2c926af1b37665d552242cda0c66b
- SHA256
  
  34e3ef1782f00fc1145dcd343ad0bb4dd3b1e6b339ec44e894457ed993c96180
- SHA512
  
  5f085ce73807baf14888de4f6ea2e0fb0ec3f60dfbd4de5db219d434a0b69044d7f434f7f7e295572b925f0fba5dacc3debb8adda6d4f51f555883774dcafa50
- SSDEEP
  
  768:HX06/2vJPE9g8CoiesliFBl3WnWRPlNz30iB9L1zIOJlqYWoK4Xo:E6/2vO9g8CoiedwWRNxDzaoc
Score

10^/10

discordrat persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Drops startup file
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discordratpersistenceratrootkitstealer