Overview

overview

10

Static

static

10

Client-built.exe

windows7-x64

10

Client-built.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Client-built.exe

  • Size

    78KB

  • Sample

    240707-t99zqsxfrh

  • MD5

    54ec7b5f254a6eeff12e3d868506eb67

  • SHA1

    608028102ad903d471ee3c4c92a1d7e10f5cd821

  • SHA256

    db79dd63cecd45d56db4316a8492a5955022ab9351b09bed759ddae655ce0612

  • SHA512

    843382ccc77caa7b9dd2fbca845dd1b9b16d30c35358e05fbbd080aad333a1990cd4d02d13c948607a62da8c60c258ca0f3a6541e35b9717e9597eca287b4404

  • SSDEEP

    1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+ePIC:5Zv5PDwbjNrmAE+aIC

Score
10/10
discordratpersistenceratrootkitspywarestealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTI1OTI1MTUwMDgzMjY1MzQwMw.Gm7X5G.TUy6pPgT32GEzX7i2ISOKZHUFp777SsSI5Uxcs

  • server_id

    1259251939208855572

Targets

    • Target

      Client-built.exe

    • Size

      78KB

    • MD5

      54ec7b5f254a6eeff12e3d868506eb67

    • SHA1

      608028102ad903d471ee3c4c92a1d7e10f5cd821

    • SHA256

      db79dd63cecd45d56db4316a8492a5955022ab9351b09bed759ddae655ce0612

    • SHA512

      843382ccc77caa7b9dd2fbca845dd1b9b16d30c35358e05fbbd080aad333a1990cd4d02d13c948607a62da8c60c258ca0f3a6541e35b9717e9597eca287b4404

    • SSDEEP

      1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+ePIC:5Zv5PDwbjNrmAE+aIC

    Score
    10/10
    discordratpersistenceratrootkitstealerspyware

    • Discord RAT

      A RAT written in C# using Discord as a C2.

      stealerrootkitratpersistencediscordrat

    • Downloads MZ/PE file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Resource Development

Reconnaissance

Tasks