discordrat | c6347e059cf0a97401735676bb94b9cdc0d00da63b44c59e4164088392c70e52 | Triage

Sharing

General

Target

fjTqKmzL
Size

17KB
Sample

240619-vvqszszbpn
MD5

41e5bd906c34fe02f6f803b944f0e3fd
SHA1

d19842a43159f16bfe12bbaa11f4116ae4ae1f46
SHA256

c6347e059cf0a97401735676bb94b9cdc0d00da63b44c59e4164088392c70e52
SHA512

d4c37e086b9234ea96cfeea5531dd387a58ddf6e2cd4265a082f1337f6a994c95564b03557e36f0e59e45d768be8020b340206ef63cc2284f2fe7cf9e545705c
SSDEEP

384:KFVFD+WIE7kbqkmg9x+DZzzsg2RrgoAOnC0JqsTSpF6:M3DZ37kbqS9YZlsTSpF6

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
OTM2NzI3NjI5MzcxOTQ0OTcw.GCVcP3.D4dApx2x4azOpAyDrEB1pg1kJu_UOP1ZpW7FgY
server_id
1252722525725659238

Targets

- Target
  
  fjTqKmzL
- Size
  
  17KB
- MD5
  
  41e5bd906c34fe02f6f803b944f0e3fd
- SHA1
  
  d19842a43159f16bfe12bbaa11f4116ae4ae1f46
- SHA256
  
  c6347e059cf0a97401735676bb94b9cdc0d00da63b44c59e4164088392c70e52
- SHA512
  
  d4c37e086b9234ea96cfeea5531dd387a58ddf6e2cd4265a082f1337f6a994c95564b03557e36f0e59e45d768be8020b340206ef63cc2284f2fe7cf9e545705c
- SSDEEP
  
  384:KFVFD+WIE7kbqkmg9x+DZzzsg2RrgoAOnC0JqsTSpF6:M3DZ37kbqS9YZlsTSpF6
Score

10^/10

discordrat persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discordratpersistenceratrootkitstealer

behavioral2