discordrat | 0254f150e1cdc3d3eaed66f447d504546f373bfcc859bd734318cc591396af3b | Triage

Sharing

General

Target

AVRgpj.exe
Size

297KB
Sample

240526-pvzs1aeb83
MD5

dbd179cc8f595d2dcd06ce5f311e1e24
SHA1

479d4a7ad52dc0f6c58af549fcc923597cbc37e0
SHA256

0254f150e1cdc3d3eaed66f447d504546f373bfcc859bd734318cc591396af3b
SHA512

5c9bed345d476d80892a58054cebf814c298bb7a61ad097ece8b75deb9b85004c452c63fca1c0047e00e96650beecf905c513dfeb43ccc0a2ec4261268fb292a
SSDEEP

6144:jIIcrXQ4S33w614mazUBHfSdocWYD24Oa6H8DnJanjrEKBjkX:NcrNS33L10QdrXjR8DnJwjrFaX

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI0NDI2MjA4MDQ2NzQzOTY4OQ.GEmRlk.y7FwMWQJO6hXjnP2izfKreLqlEjH5raquqQ4R0
server_id
1241111187761004696

Targets

- Target
  
  AVRgpj.exe
- Size
  
  297KB
- MD5
  
  dbd179cc8f595d2dcd06ce5f311e1e24
- SHA1
  
  479d4a7ad52dc0f6c58af549fcc923597cbc37e0
- SHA256
  
  0254f150e1cdc3d3eaed66f447d504546f373bfcc859bd734318cc591396af3b
- SHA512
  
  5c9bed345d476d80892a58054cebf814c298bb7a61ad097ece8b75deb9b85004c452c63fca1c0047e00e96650beecf905c513dfeb43ccc0a2ec4261268fb292a
- SSDEEP
  
  6144:jIIcrXQ4S33w614mazUBHfSdocWYD24Oa6H8DnJanjrEKBjkX:NcrNS33L10QdrXjR8DnJwjrFaX
Score

10^/10

discordrat persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discordratpersistenceratrootkitstealer