discordrat | 6624c79c2c07fbcb8d4244fadd4e16ad4c536c187c25acaf3b831fff7cbda3c9 | Triage

Sharing

General

Target

yjnclient-v3.exe
Size

78KB
Sample

240625-ah3a2ashrq
MD5

f758d08d23a5ddf8905d5c17084abf07
SHA1

b237a04b0ab5374f41ec90186d1de0250569a82d
SHA256

6624c79c2c07fbcb8d4244fadd4e16ad4c536c187c25acaf3b831fff7cbda3c9
SHA512

7fd582bb2c319d1cd43efa1d01420f2e58378c15542c044b2450da0da0112a55ae98afd52e851da767d487456927556152d3925ef11194c35bb25bcc9b7f747f
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+BAPIC:5Zv5PDwbjNrmAE+OIC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI1NDkyMzczMDE3ODY3NDgwMw.GNKnH3._2hi153EQeLcF4SWSwr0pQuzH__TVonJih1mFM
server_id
1254923576340119644

Targets

- Target
  
  yjnclient-v3.exe
- Size
  
  78KB
- MD5
  
  f758d08d23a5ddf8905d5c17084abf07
- SHA1
  
  b237a04b0ab5374f41ec90186d1de0250569a82d
- SHA256
  
  6624c79c2c07fbcb8d4244fadd4e16ad4c536c187c25acaf3b831fff7cbda3c9
- SHA512
  
  7fd582bb2c319d1cd43efa1d01420f2e58378c15542c044b2450da0da0112a55ae98afd52e851da767d487456927556152d3925ef11194c35bb25bcc9b7f747f
- SSDEEP
  
  1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+BAPIC:5Zv5PDwbjNrmAE+OIC
Score

10^/10

discordrat persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

discordratpersistenceratrootkitstealer