discordrat | d0696ae3dfc83c80cdaf0bb50aa0b7ca04c362177c3bb12ab79a355d261c5465 | Triage

Resubmissions

23-05-2024 16:42

240523-t7qs3shd6s 10

Sharing

General

Target

SolaraBETA.exe
Size

164KB
Sample

240523-t7qs3shd6s
MD5

ef3211af9aefd0a032cd9fbb3c46d1e2
SHA1

b6e09ec37c2e50aec3e186b4b80696bc5fbdc1ec
SHA256

d0696ae3dfc83c80cdaf0bb50aa0b7ca04c362177c3bb12ab79a355d261c5465
SHA512

fed323033bb2868183eb5770a6ddb1e745db93dca7d23245ad94c32fc7ce223289cad62e48a8674e38e810c52de9eef1993efae2100e13cde0f78d070b0578cd
SSDEEP

3072:2Zv5PDwbjNrmAE+4IjLdGgCvZuT75lTT3MJObhH:Wv5PDwbBrUIjLdvm27wJON

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTE5NTg0ODc1MjI0NjgyNTA1Mg.G4P4wp.zMWMnomJQlTXAmzFNKlIfb-ParaaB86MEq0gOY
server_id
1234555349349040179

Targets

- Target
  
  SolaraBETA.exe
- Size
  
  164KB
- MD5
  
  ef3211af9aefd0a032cd9fbb3c46d1e2
- SHA1
  
  b6e09ec37c2e50aec3e186b4b80696bc5fbdc1ec
- SHA256
  
  d0696ae3dfc83c80cdaf0bb50aa0b7ca04c362177c3bb12ab79a355d261c5465
- SHA512
  
  fed323033bb2868183eb5770a6ddb1e745db93dca7d23245ad94c32fc7ce223289cad62e48a8674e38e810c52de9eef1993efae2100e13cde0f78d070b0578cd
- SSDEEP
  
  3072:2Zv5PDwbjNrmAE+4IjLdGgCvZuT75lTT3MJObhH:Wv5PDwbBrUIjLdvm27wJON
Score

10^/10

discordrat persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

discordratpersistenceratrootkitstealer

behavioral2

discordratpersistenceratrootkitstealer