discordrat | 52be3b91781d67fc47a8c57035ee3b7a63157062105833a6e7e37e53fce87487 | Triage

Sharing

General

Target

Microsoft Windows Search Protocol Host.exe
Size

83.1MB
Sample

240420-ecvq8agd6z
MD5

db7547dd16de219ddd802249edc8b836
SHA1

df769131ed7f844ebba99b5bdfd7ee64d931ff86
SHA256

52be3b91781d67fc47a8c57035ee3b7a63157062105833a6e7e37e53fce87487
SHA512

921f7246100917b1a3e8bdcab672adaf6b4f5c493fcec40b355bf883cd3081a7e2f4f2fe92937143dc467a467540876aa64c0631f9e1eb408bd414042f416859
SSDEEP

1572864:cddzlkR0Nf4amAXDtx+SotbqpWCpIPsdNvFw2pdsdW5JzIsqZvJH:W+DaDXdM6lCsH9w2pdsdW5Wbv1

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTIzMTA1NzI4MTM2MjQzMjEwMw.GqS2R9.POtFa_pdzS_mi2VjvgY9ceyf-OtuUfRBAGmViY
server_id
1231045348793778197

Targets

- Target
  
  Microsoft Windows Search Protocol Host.exe
- Size
  
  83.1MB
- MD5
  
  db7547dd16de219ddd802249edc8b836
- SHA1
  
  df769131ed7f844ebba99b5bdfd7ee64d931ff86
- SHA256
  
  52be3b91781d67fc47a8c57035ee3b7a63157062105833a6e7e37e53fce87487
- SHA512
  
  921f7246100917b1a3e8bdcab672adaf6b4f5c493fcec40b355bf883cd3081a7e2f4f2fe92937143dc467a467540876aa64c0631f9e1eb408bd414042f416859
- SSDEEP
  
  1572864:cddzlkR0Nf4amAXDtx+SotbqpWCpIPsdNvFw2pdsdW5JzIsqZvJH:W+DaDXdM6lCsH9w2pdsdW5Wbv1
Score

10^/10

discordrat persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

discordratpersistenceratrootkitstealer