discordrat | 574ecf23ff525eb558619e23ceedd487d51bfc740e7309d2d33f640c2bdc3c93 | Triage

Submit
Reports

Overview

overview

Static

static

Client-built.exe

windows11-21h2-x64

Sharing

General

Target

Client-built.exe
Size

78KB
Sample

240511-jk9ybsec4z
MD5

61131f2f21913b8bb7541cee380dbe2e
SHA1

f5deb3506f57ffffcf6f9a89138bf43dd357354f
SHA256

574ecf23ff525eb558619e23ceedd487d51bfc740e7309d2d33f640c2bdc3c93
SHA512

bce15457dc1e71ac04ae93b03ab1623bdcf9af66df64addc35d227ea181dbc99a0a71e160256abcb6426f4950d0a073ec80a37143389f443d9eaf338551bfaef
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+CPIC:5Zv5PDwbjNrmAE+uIC

Score

10^/10

discordrat persistence ransomware rat rootkit spyware stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Client-built.exe

Resource

win11-20240426-en

discordrat persistence ransomware rat rootkit spyware stealer

windows11-21h2-x64

17 signatures

1200 seconds

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTIzODc1NzE3NzMyNjU3MTYyMg.GuA-3-.g9QiCW1B45EpLzzB6J_2LKI2RFzAtkJhJQ1liQ
server_id
1238756667693338624

Targets

- Target
  
  Client-built.exe
- Size
  
  78KB
- MD5
  
  61131f2f21913b8bb7541cee380dbe2e
- SHA1
  
  f5deb3506f57ffffcf6f9a89138bf43dd357354f
- SHA256
  
  574ecf23ff525eb558619e23ceedd487d51bfc740e7309d2d33f640c2bdc3c93
- SHA512
  
  bce15457dc1e71ac04ae93b03ab1623bdcf9af66df64addc35d227ea181dbc99a0a71e160256abcb6426f4950d0a073ec80a37143389f443d9eaf338551bfaef
- SSDEEP
  
  1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+CPIC:5Zv5PDwbjNrmAE+uIC
Score

10^/10

discordrat persistence ransomware rat rootkit spyware stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Sets desktop wallpaper using registry
  ransomware
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

discordratpersistenceransomwareratrootkitspywarestealer

© 2018-2024

Terms | Privacy