discordrat | ab216a4c330fce82b5bf0449d35fd2d7d9c89a47c0d80e2278d272a99f420687

General

Target

Client-built.exe
Size

78KB
Sample

240416-x8cjmacb4x
MD5

bc2d2dd6fe16371f18c219fa523d5c93
SHA1

7d1e801321c72587a7d0aa49e4f43555e7758789
SHA256

ab216a4c330fce82b5bf0449d35fd2d7d9c89a47c0d80e2278d272a99f420687
SHA512

174bd64722e56bcf14f4b4610894c4b332932e34e1bdd7c2421a63644ee24f8c86a2a9902579a8baaf44c91e70db9092e21196fc28e1cc621d4c28df385876d3
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+pPIC:5Zv5PDwbjNrmAE+ZIC

Score

10^/10

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTEwNjU4NzkwNTg0MzAxNTczMQ.Gy9GZf.nefUfqGXXz1F_0UeH8PUa3eemxkDVD-rvvZ3VI
server_id
1215373982082146314

Targets

- Target
  
  Client-built.exe
- Size
  
  78KB
- MD5
  
  bc2d2dd6fe16371f18c219fa523d5c93
- SHA1
  
  7d1e801321c72587a7d0aa49e4f43555e7758789
- SHA256
  
  ab216a4c330fce82b5bf0449d35fd2d7d9c89a47c0d80e2278d272a99f420687
- SHA512
  
  174bd64722e56bcf14f4b4610894c4b332932e34e1bdd7c2421a63644ee24f8c86a2a9902579a8baaf44c91e70db9092e21196fc28e1cc621d4c28df385876d3
- SSDEEP
  
  1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+pPIC:5Zv5PDwbjNrmAE+ZIC
Score

10^/10

discordrat persistence rat rootkit stealer spyware
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Downloads MZ/PE file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

1

T1552

Credentials In Files

1

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

1

T1005

Command and Control

Web Service

1

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Discord RAT

Suspicious use of NtCreateUserProcessOtherParentProcess

Downloads MZ/PE file

Reads user/profile data of web browsers

Legitimate hosting services abused for malware hosting/C2

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2