discordrat | 10b42ca763ebd516b250edfb6880559dce7decb1f57761faedac37f6a8c19698 | Triage

Sharing

General

Target

Client-built.exe
Size

78KB
Sample

240713-y2sspswalp
MD5

65749c07329677eb12f6a8de41976e00
SHA1

dd29b61599b8bcc50835d61d70e08804bd1f286d
SHA256

10b42ca763ebd516b250edfb6880559dce7decb1f57761faedac37f6a8c19698
SHA512

9ed57d5c12dea7c2bced82dc0998221b32bad69d8a72ba9133957ab621d42d29ddee65a2bce41cfc24781e0564d495d0481f9bd4f01ff8080e03690f63c880dc
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+UPIC:5Zv5PDwbjNrmAE+IIC

Score

10^/10

discordrat persistence rat rootkit spyware stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI1OTk1MjE0NTAxMzQxMTkwMg.G2HuaR.9q5-okrCTKQwPsL-j06Nffwzm9X2nOpJRIjYbc
server_id
1259952014545387540

Targets

- Target
  
  Client-built.exe
- Size
  
  78KB
- MD5
  
  65749c07329677eb12f6a8de41976e00
- SHA1
  
  dd29b61599b8bcc50835d61d70e08804bd1f286d
- SHA256
  
  10b42ca763ebd516b250edfb6880559dce7decb1f57761faedac37f6a8c19698
- SHA512
  
  9ed57d5c12dea7c2bced82dc0998221b32bad69d8a72ba9133957ab621d42d29ddee65a2bce41cfc24781e0564d495d0481f9bd4f01ff8080e03690f63c880dc
- SSDEEP
  
  1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+UPIC:5Zv5PDwbjNrmAE+IIC
Score

10^/10

discordrat persistence rat rootkit spyware stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discordratpersistenceratrootkitspywarestealer