discordrat | 3ef7eb0816dc3e90bd47be2620b53d57628d3d5fb79cfaef2166ee101504ce40 | Triage

Sharing

General

Target

Oxegen Exec.rar
Size

267KB
Sample

240709-1t6eyayaln
MD5

00fe1fa17133b11f1335653cf83ba40f
SHA1

16954cf7bd53166c606199027f562a4bdf897ae3
SHA256

3ef7eb0816dc3e90bd47be2620b53d57628d3d5fb79cfaef2166ee101504ce40
SHA512

f1d1042f1958e50940459a19f96a97eb86aa50510095abbd23cd1c56e8294921e2fda436fae3b92ab34581b77dd6d5c4b11d076f9616add32c7e17996943dc4f
SSDEEP

6144:ZiOuxHdpbz9Sut70XkRsSwsSKTub6ZnjrEKBjkF8mvOaDXMrWG24I0O:oOWHfbzP72kdSKTubEjrFaCmvOAsa

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI1NjYxMDkyODE0MTY2NDM0Ng.GoCAda.9jAnxnZbVToLnUTaW-wRrWIl-V07WOjBZlKZ6U
server_id
809482718164680734

Targets

- Target
  
  Oxegen Exec/oxegen.exe
- Size
  
  78KB
- MD5
  
  778530293626aa22c24995339aebdb0c
- SHA1
  
  6316c9b311be02521566b0f612be5b39c02071bd
- SHA256
  
  70be34e9af44e63074c443f14c312228e887269fcf3feb757ed674cc5390b262
- SHA512
  
  1fa355c5defdc008858d14f5b0304aea046de062e2c703dc47ebecc84d7f15da5a29d6c474390c9dc110c8d22b96ac30ba4ae836460023f1fd22a694794fe2c7
- SSDEEP
  
  1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+xPIC:5Zv5PDwbjNrmAE+hIC
Score

10^/10

discordrat persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discordratpersistenceratrootkitstealer