discordrat | 0bfc1382aa6e0329b1787ba6e1da7c615698c40ebe3acc4c7eaf59393127e7ca | Triage

Sharing

General

Target

Client-built.bat
Size

276KB
Sample

240513-g9429sde67
MD5

0c82a2b143ba3344234988e76a83fb9e
SHA1

41867630fed3a008020947c217b2d3029f0f7203
SHA256

0bfc1382aa6e0329b1787ba6e1da7c615698c40ebe3acc4c7eaf59393127e7ca
SHA512

491799b57350191479067677d9e98dd6dfb6f4e3755acbf806cbf9f7a5f4109822f03fbe7e216cfb19d8ccab49593b3fd07a06e524f8d75bb7a8e22b9b147e03
SSDEEP

6144:Rf7Ie6igEJsHvviyhG8gbKXFOyPUCWxyRKuwlAvB1PIg:VrgEYvviyKuSxLuwlAv/Ig

Score

10^/10

discordrat execution persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTIxMjYwMTc0NTU0OTgxOTkyNA.G6ob17.hVj0y7t0oSi-tGvj_U-QqOqKV-xvE9qC8cf2k4
server_id
1239461504776933396

Targets

- Target
  
  Client-built.bat
- Size
  
  276KB
- MD5
  
  0c82a2b143ba3344234988e76a83fb9e
- SHA1
  
  41867630fed3a008020947c217b2d3029f0f7203
- SHA256
  
  0bfc1382aa6e0329b1787ba6e1da7c615698c40ebe3acc4c7eaf59393127e7ca
- SHA512
  
  491799b57350191479067677d9e98dd6dfb6f4e3755acbf806cbf9f7a5f4109822f03fbe7e216cfb19d8ccab49593b3fd07a06e524f8d75bb7a8e22b9b147e03
- SSDEEP
  
  6144:Rf7Ie6igEJsHvviyhG8gbKXFOyPUCWxyRKuwlAvB1PIg:VrgEYvviyKuSxLuwlAv/Ig
Score

10^/10

discordrat execution persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Blocklisted process makes network request
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discordratexecutionpersistenceratrootkitstealer