discordrat | hxxps://cdn[.]discordapp[.]com/attachments/1255165018316476447/1255511838292971550/3CXLoader_[.]exe?ex=667d6604&is=667c1484&hm=3dfb0e5e516e2709cfc51305ca6edf7d1956e3bcbab56a2d64f29b61a1fd9037&

Resubmissions

26-06-2024 16:25

240626-tw3nhasekf 1

26-06-2024 16:03

240626-thephs1hle 10

Sharing

Copy URL

Twitter E-mail

General

Target

https://cdn.discordapp.com/attachments/1255165018316476447/1255511838292971550/3CXLoader_.exe?ex=667d6604&is=667c1484&hm=3dfb0e5e516e2709cfc51305ca6edf7d1956e3bcbab56a2d64f29b61a1fd9037&
Sample

240626-thephs1hle

Score

10^/10

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI1NTM0ODAzMTI3NzEwOTMyOA.GFA2V2.Xn7ioNW4QOiq2qIR5-q8URTs5_7FhbdVLeLF14
server_id
1255347532347736107

Targets

- Target
  
  https://cdn.discordapp.com/attachments/1255165018316476447/1255511838292971550/3CXLoader_.exe?ex=667d6604&is=667c1484&hm=3dfb0e5e516e2709cfc51305ca6edf7d1956e3bcbab56a2d64f29b61a1fd9037&
Score

10^/10

discordrat persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Discord RAT

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks

static1

urlscan1

behavioral1