discordrat | 9c173fbe1731dce2731ff72991b1b2220448418434162fe1b810cd0e01d3d016 | Triage

Sharing

General

Target

FUD.vbs
Size

105KB
Sample

240708-xvnpqswgqe
MD5

2502518aa797758d68760e5c46f4fd85
SHA1

27f0b73cea1441a772d9635e4f95441ec754549c
SHA256

9c173fbe1731dce2731ff72991b1b2220448418434162fe1b810cd0e01d3d016
SHA512

59ac66961c7a9945d2c3d062662a8e3fe2161d6498a994404261432f62d0af9df35d94900e302da6cfaa5daf8eb1130a83be88fa4c9f874073519341b84cfbae
SSDEEP

1536:BF67GmLWRSsyLZ6Tt1fk9umda0otZHe7GcAthbTmtDFsyCV1XqFv6Z9Ho4TUYj+R:z677LKvfzftUaHvHQwh6IeyRu

Score

10^/10

discordrat execution persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI0NzY0ODI3NjkwNDI4NDIxMQ.GeRPhp.MDSXGRuUn2u8gLfs_a8HNeOahYRKGQaJRsgUWw
server_id
1247801636122787851

Targets

- Target
  
  FUD.vbs
- Size
  
  105KB
- MD5
  
  2502518aa797758d68760e5c46f4fd85
- SHA1
  
  27f0b73cea1441a772d9635e4f95441ec754549c
- SHA256
  
  9c173fbe1731dce2731ff72991b1b2220448418434162fe1b810cd0e01d3d016
- SHA512
  
  59ac66961c7a9945d2c3d062662a8e3fe2161d6498a994404261432f62d0af9df35d94900e302da6cfaa5daf8eb1130a83be88fa4c9f874073519341b84cfbae
- SSDEEP
  
  1536:BF67GmLWRSsyLZ6Tt1fk9umda0otZHe7GcAthbTmtDFsyCV1XqFv6Z9Ho4TUYj+R:z677LKvfzftUaHvHQwh6IeyRu
Score

10^/10

discordrat execution persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Drops startup file
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

discordratexecutionpersistenceratrootkitstealer