discordrat | 854d608165b291d469b2512be40803242d9379ef58087da9096f3ee93da37920 | Triage

Sharing

General

Target

Test.exe
Size

78KB
Sample

240708-w2rvasvcpa
MD5

bbbb9f0fb811b0428806262bda7deae4
SHA1

f6ca297ca8b2d3aa499a9e24a51de252f7f35276
SHA256

854d608165b291d469b2512be40803242d9379ef58087da9096f3ee93da37920
SHA512

bba651156550bc001f41156766d80046aa6e5dd755c9af2e037c81922175c61513a2c94081c9942a1d749c9c712ac7f24ff86be181962874f684e1b19bfba2b2
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+SPIC:5Zv5PDwbjNrmAE+eIC

Score

10^/10

discordrat persistence ransomware rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI0NzY0ODI3NjkwNDI4NDIxMQ.GzYU-o.gTVjR5kc0qgiHq8KPJLw_Xg1mnEgJyOsa1wDxU
server_id
1247801636122787851

Targets

- Target
  
  Test.exe
- Size
  
  78KB
- MD5
  
  bbbb9f0fb811b0428806262bda7deae4
- SHA1
  
  f6ca297ca8b2d3aa499a9e24a51de252f7f35276
- SHA256
  
  854d608165b291d469b2512be40803242d9379ef58087da9096f3ee93da37920
- SHA512
  
  bba651156550bc001f41156766d80046aa6e5dd755c9af2e037c81922175c61513a2c94081c9942a1d749c9c712ac7f24ff86be181962874f684e1b19bfba2b2
- SSDEEP
  
  1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+SPIC:5Zv5PDwbjNrmAE+eIC
Score

10^/10

discordrat persistence ransomware rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Legitimate hosting services abused for malware hosting/C2
- Sets desktop wallpaper using registry
  ransomware
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Defacement

Resource Development

Reconnaissance

Tasks

static1

behavioral1

discordratpersistenceransomwareratrootkitstealer