discordrat | 1b7436c39f931d8118c2180cd499f0de6ebe5a061c45a34425ca652471617864 | Triage

Sharing

General

Target

Client-built.zip
Size

28KB
Sample

240703-x6gessthpm
MD5

15986d49da966669e241d6a9c8950ac0
SHA1

7f6a6e8ee66937626e0514d8c1a0736629934fc2
SHA256

1b7436c39f931d8118c2180cd499f0de6ebe5a061c45a34425ca652471617864
SHA512

c1f9982792708343f9dcf8a9ff45d03d037d01365646e7fcb5e9bdd96c7826b75dd0bc7a890409bb114947e87ab3e4ab96289db86109c3e1213fe34e43d69d48
SSDEEP

768:Q+5lz6yZDgr9OtA8dozFbWvwQ0THkEH5DrL+:3d2rvrQexo

Score

10^/10

discordrat persistence rat rootkit spyware stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI0NzYyMjc1MDMwNzA5NDYwOQ.G75kCj.oUUW-eN7iy9fOSU_z7eZ2sZU33L8Wqa1p6jziw
server_id
1247622541909164062

Targets

- Target
  
  Client-built.exe
- Size
  
  78KB
- MD5
  
  702e3d2fe467271a3e3f892bfe309cc4
- SHA1
  
  48694b9e4bd02a1e7c0c68b09cfa3952913f6113
- SHA256
  
  bb5c3700d7aed3cf8da3e655577f36bd8662566312488cf85035bd310c50f6cb
- SHA512
  
  0e9e3f0ec6cfe3cff8bbff5dda0ffcf562cfce804552a16e2f2e2ae3897d9c793256ee9196cff4282c467f5ab6758095f69a3dd293a3608f8665968efe49f6ed
- SSDEEP
  
  1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+rPIC:5Zv5PDwbjNrmAE+DIC
Score

10^/10

discordrat persistence rat rootkit stealer spyware
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Downloads MZ/PE file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discordratpersistenceratrootkitstealer

behavioral2

discordratpersistenceratrootkitspywarestealer