discordrat | 6e5a7e84c00bb60841597ca8d72e1c97df3b65a5c983a38c7e30123d80c2b353 | Triage

Sharing

General

Target

FNcheats-external V2.zip
Size

276KB
Sample

240705-x14m5swema
MD5

42d568ccb0414085ad31aefcc234cfe3
SHA1

51bd9a739f500b3c8ea9de978fe0227b1ff8ca67
SHA256

6e5a7e84c00bb60841597ca8d72e1c97df3b65a5c983a38c7e30123d80c2b353
SHA512

ab015818d1d22c0b1d7af623099d4f96618ead26c390e464fcfbd2a501762539c93876cfc5d95178ddbe916edd6a4e1adce35387da6969a9e397d746cb18ead9
SSDEEP

6144:6CoMo2n9dH5M2vkm0y3Cl3pId9RC9pvZJT3CqbMrhryfQNRPaCieMjAkvCJv1Vim:VoMo2n9dH5M2vkm0y3Cl3pId9RC9pvZq

Score

10^/10

discordrat evasion persistence privilege_escalation rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI1ODYyODA0MjA5NjUwODkyOA.GGFvBA.PJRyO9Y1MLr7S58RTAV0VkCKcrUamDKm39x04w
server_id
1258309505909919774

Targets

- Target
  
  FNcheats-external V2.zip
- Size
  
  276KB
- MD5
  
  42d568ccb0414085ad31aefcc234cfe3
- SHA1
  
  51bd9a739f500b3c8ea9de978fe0227b1ff8ca67
- SHA256
  
  6e5a7e84c00bb60841597ca8d72e1c97df3b65a5c983a38c7e30123d80c2b353
- SHA512
  
  ab015818d1d22c0b1d7af623099d4f96618ead26c390e464fcfbd2a501762539c93876cfc5d95178ddbe916edd6a4e1adce35387da6969a9e397d746cb18ead9
- SSDEEP
  
  6144:6CoMo2n9dH5M2vkm0y3Cl3pId9RC9pvZJT3CqbMrhryfQNRPaCieMjAkvCJv1Vim:VoMo2n9dH5M2vkm0y3Cl3pId9RC9pvZq
Score

10^/10

discordrat evasion persistence privilege_escalation rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Modifies Windows Firewall
  evasion
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discordratevasionpersistenceprivilege_escalationratrootkitstealer