discordrat | 3166ca8bc5b981c157a6793150b4e99de9f5741dd6e14af9b1fcfa8c052f7ce7 | Triage

Sharing

General

Target

9424d6ca1fc2ce929e79b5a8d8d3c650_NeikiAnalytics.exe
Size

78KB
Sample

240619-gjyskazcmr
MD5

9424d6ca1fc2ce929e79b5a8d8d3c650
SHA1

9a2c006699b50d5c9e4f7b73fa64f99f7622224e
SHA256

3166ca8bc5b981c157a6793150b4e99de9f5741dd6e14af9b1fcfa8c052f7ce7
SHA512

68dbab8c15f8944e8bccb6fb942f176134654a3cd644e8957b723d65197381a9ff97ef0f9e24d57008f5b14b39270cd9c7fa78674605c9f5d6e236fd7eee2487
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+nJPIC:5Zv5PDwbjNrmAE+n5IC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI1MTE1NTAyMTY5MzcxNDQ5NA.GgQ1ag.AF8zd5W06EJvUkTZSulHyzFeNNpxflm0gfgJBs
server_id
1251156859554103347

Targets

- Target
  
  9424d6ca1fc2ce929e79b5a8d8d3c650_NeikiAnalytics.exe
- Size
  
  78KB
- MD5
  
  9424d6ca1fc2ce929e79b5a8d8d3c650
- SHA1
  
  9a2c006699b50d5c9e4f7b73fa64f99f7622224e
- SHA256
  
  3166ca8bc5b981c157a6793150b4e99de9f5741dd6e14af9b1fcfa8c052f7ce7
- SHA512
  
  68dbab8c15f8944e8bccb6fb942f176134654a3cd644e8957b723d65197381a9ff97ef0f9e24d57008f5b14b39270cd9c7fa78674605c9f5d6e236fd7eee2487
- SSDEEP
  
  1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+nJPIC:5Zv5PDwbjNrmAE+n5IC
Score

10^/10

discordrat persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

discordratpersistenceratrootkitstealer

behavioral2

discordratpersistenceratrootkitstealer