Overview

overview

10

Static

static

1

rat.xml

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    rat.exe

  • Size

    229B

  • Sample

    240709-1kn5asygra

  • MD5

    028e53859fd915bc1af667647286a618

  • SHA1

    a4e7b6ca46701c06b71dded3dbde52246825a437

  • SHA256

    e829111a06b3c46316e683ea01a4bef38ef035617c59530fd792ba0fb56b3c4f

  • SHA512

    51b070895622559f299eabfa723c3740ccf5c4039b927361fe10b680b881f4040908d2b9cdfe11957708c801554157a4f9f2ea939dd541720b8125281d3356b9

Score
10/10
discordratpersistenceratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTI1NjYxMDkyODE0MTY2NDM0Ng.GoCAda.9jAnxnZbVToLnUTaW-wRrWIl-V07WOjBZlKZ6U

  • server_id

    809482718164680734

Targets

    • Target

      rat.exe

    • Size

      229B

    • MD5

      028e53859fd915bc1af667647286a618

    • SHA1

      a4e7b6ca46701c06b71dded3dbde52246825a437

    • SHA256

      e829111a06b3c46316e683ea01a4bef38ef035617c59530fd792ba0fb56b3c4f

    • SHA512

      51b070895622559f299eabfa723c3740ccf5c4039b927361fe10b680b881f4040908d2b9cdfe11957708c801554157a4f9f2ea939dd541720b8125281d3356b9

    Score
    10/10
    discordratpersistenceratrootkitstealer

    • Discord RAT

      A RAT written in C# using Discord as a C2.

      stealerrootkitratpersistencediscordrat

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks