discordrat | 3ef7eb0816dc3e90bd47be2620b53d57628d3d5fb79cfaef2166ee101504ce40

Sharing

Copy URL

Twitter E-mail

General

Target

Oxegen Exec.rar
Size

267KB
Sample

240709-1txsssyakq
MD5

00fe1fa17133b11f1335653cf83ba40f
SHA1

16954cf7bd53166c606199027f562a4bdf897ae3
SHA256

3ef7eb0816dc3e90bd47be2620b53d57628d3d5fb79cfaef2166ee101504ce40
SHA512

f1d1042f1958e50940459a19f96a97eb86aa50510095abbd23cd1c56e8294921e2fda436fae3b92ab34581b77dd6d5c4b11d076f9616add32c7e17996943dc4f
SSDEEP

6144:ZiOuxHdpbz9Sut70XkRsSwsSKTub6ZnjrEKBjkF8mvOaDXMrWG24I0O:oOWHfbzP72kdSKTubEjrFaCmvOAsa

Score

10^/10

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI1NjYxMDkyODE0MTY2NDM0Ng.GoCAda.9jAnxnZbVToLnUTaW-wRrWIl-V07WOjBZlKZ6U
server_id
809482718164680734

Targets

- Target
  
  Oxegen Exec/FastColoredTextBox.dll
- Size
  
  323KB
- MD5
  
  71963eb6707ef2de595d336d5810082b
- SHA1
  
  aefa3ec8411e2ad2a7f0a496be0c7f52cb908bd5
- SHA256
  
  f67f8caf9216123c0f669ae7a0e9a086a28ad9fee7e4756c224a7706ceaab1cd
- SHA512
  
  a2410423d7d9c730e3d7d48a03a01342149778539bc2bb32fa404d1722296eb1f0ebfc2f8224665b6e84b6e17a16cc3392334ad7958662fe9d65c6bada6a471b
- SSDEEP
  
  6144:JR0J4lxA/7BA4xvNIwcKAZ+IBJhaeFMdFDCBdxBsqmLDi5eN5DDl1SqPF:JR0J4ElAovNIwxAZdBOeFMuzheN5
Score

1^/10
behavioral1 behavioral2
- Target
  
  Oxegen Exec/Scripts/Elysian admin.lua
- Size
  
  75KB
- MD5
  
  c11d3559a545703fbe376e10606e3bb8
- SHA1
  
  7689a000d4b8bddc319c059bc267ed00ab430672
- SHA256
  
  80875b7c78bf2675096d4351836dcc044d84bde963e4fb3f4edfdbdb9e2fe1f7
- SHA512
  
  77fb8bce0c2252da7b746586aa3beb2d6f80c46819600c1c8da766e59c82b97a34fc4451c29c62c3b19a14b77743aefe6be1bceca21f9420e36674c86d3375ee
- SSDEEP
  
  1536:jzd51az2hlIiHIgvnHqmPbU+LcqO9vg4r6U/XSZ8MLh9Km3S4Nfz+O3dN6/IS6+M:V5fLHIgvHbU+LcqO9vgO6iXSZ8Mdh3Sa
Score

3^/10

execution
behavioral3 behavioral4
- Target
  
  Oxegen Exec/Scripts/Quick kick and other commands.txt
- Size
  
  19KB
- MD5
  
  22f8b58250ed13e3d124fbdee093f80d
- SHA1
  
  a7430f2d356efcc6abfd1f97464307c1e9176963
- SHA256
  
  dec540b6865f650793a0f47b20189f63a3af093246e4549ae2abf69e1d567441
- SHA512
  
  f01f60a9eedb3f1e5855e2a43d8fd5450c51ac15962be8c6b7c52b2726df0fc8c71a63dbac32f24d46c77c674d84d608235f002aeed128334716b284f32bb39c
- SSDEEP
  
  384:Exhop6EPQRydi3R8vRNW3SldYTEZXPmES64YsauzePEdY:Exup6YQRKmR8vRNW3SldYTEZXPmEl4Yp
Score

3^/10

execution
behavioral5 behavioral6
- Target
  
  Oxegen Exec/Scripts/fedora admin.txt
- Size
  
  47KB
- MD5
  
  941b118664d6de2c0847a9a1c89bd44d
- SHA1
  
  c4b1d3fc396c719cfbf075f7c018b153018db345
- SHA256
  
  ea759928e3eff822f7ec1d8e73babe5169632f578a8a680bc174374e865115cb
- SHA512
  
  7ae39c32c9e97e28c8a7030bd654c4aa39d05c0e5c97b77aa21cf171b6a931c4cd25ca6fbbef19f617097b8eb56839956107d41de16bbb33fe5db7ccae8e45ce
- SSDEEP
  
  768:6UCQeAeFHNR3kYMiEAHfIXI6Xh3XZtsSaLD8fBDJ5w+Wol1X1nXT7+tWivqKNOBv:mGAHAXXXh3XzKLStWaFmViqhedFkg4Ct
Score

3^/10

execution
behavioral7 behavioral8
- Target
  
  Oxegen Exec/oxegen.dll
- Size
  
  339KB
- MD5
  
  e326bcbc52f5c4b9c8b563ad4e9fd18c
- SHA1
  
  fbfabe434cec05affc865f5fc1335ad7af2a9434
- SHA256
  
  ffc0dfab64404df4eed5f1975f0fc44201f35bee79e387644f5c9883073610f2
- SHA512
  
  f2ece7723283e7c6a8768a05505748af01d18405b377e8bf1a549c106b28356ca5b49a796891517ca3afc6394eeb0739838f072290edfc3f7264cf04d6c66176
- SSDEEP
  
  3072:s6UAGcFg+l7mBevnP9WCGWUT4OOx5cDURi8tfBwQrxYijAMN0nmqR4/4f2meJlkx:OA7Flyvm
Score

1^/10
behavioral10 behavioral9
- Target
  
  Oxegen Exec/oxegen.exe
- Size
  
  78KB
- MD5
  
  778530293626aa22c24995339aebdb0c
- SHA1
  
  6316c9b311be02521566b0f612be5b39c02071bd
- SHA256
  
  70be34e9af44e63074c443f14c312228e887269fcf3feb757ed674cc5390b262
- SHA512
  
  1fa355c5defdc008858d14f5b0304aea046de062e2c703dc47ebecc84d7f15da5a29d6c474390c9dc110c8d22b96ac30ba4ae836460023f1fd22a694794fe2c7
- SSDEEP
  
  1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+xPIC:5Zv5PDwbjNrmAE+hIC
Score

10^/10

discordrat persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Legitimate hosting services abused for malware hosting/C2
behavioral11 behavioral12