discordrat | e6c1cccd7586150fa37740b2fc0c2ecb919b0d18d257a2f7ad223678c8552a80 | Triage

Sharing

General

Target

Sharp CS V1.bat
Size

551B
Sample

240629-qw1bla1gmq
MD5

a15cfc6331f0054de73a5353ee57bf21
SHA1

a58aa430e12ccb6eb1da97faf6144a28bec218c1
SHA256

e6c1cccd7586150fa37740b2fc0c2ecb919b0d18d257a2f7ad223678c8552a80
SHA512

3ee703a10768f76a3afa9be065becfb05c36ad67af9ad30849f1106deb153d975938901453a957900981bcf61330b4cd57e3ca4f4566289fb8114d8bbcfc0425

Score

10^/10

discordrat defense_evasion persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI0MzQwMDg0MDc3NDE2MDM4NQ.Gnre8o.K_NB2WHxREqF5j5C1y9xsPSpv67TWHFacISXVA
server_id
1256564842899181648

Targets

- Target
  
  Sharp CS V1.bat
- Size
  
  551B
- MD5
  
  a15cfc6331f0054de73a5353ee57bf21
- SHA1
  
  a58aa430e12ccb6eb1da97faf6144a28bec218c1
- SHA256
  
  e6c1cccd7586150fa37740b2fc0c2ecb919b0d18d257a2f7ad223678c8552a80
- SHA512
  
  3ee703a10768f76a3afa9be065becfb05c36ad67af9ad30849f1106deb153d975938901453a957900981bcf61330b4cd57e3ca4f4566289fb8114d8bbcfc0425
Score

10^/10

discordrat defense_evasion persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Downloads MZ/PE file
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

discordratdefense_evasionpersistenceratrootkitstealer