Overview

overview

10

Static

static

1

pikmin.txt

windows10-2004-x64

10

pikmin.txt

windows11-21h2-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    pikmin.txt

  • Size

    508B

  • Sample

    240716-bytt9sygjj

  • MD5

    15cfefa805d48ab3ae4030dfd6f3ab3b

  • SHA1

    77af69b52616f2a487f2acdb0236e85f18b85ef1

  • SHA256

    16bb67a19701b6501af30450601c2c29e1264e47157dcec20754f27d1dc4cd03

  • SHA512

    45880fffe5dec2b553d8b27dad929290553613cd7228f55d396fa1514e2f93e0eb2e963df1651fcc1d6d1b8e3885908f86da674ff1ae90ff5380d8a7e19194df

Score
10/10
discordratpersistenceratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTI2MjU3ODQwOTUxOTcxMDM0MA.GM8Qz2.oHZL__hfnIDjXge1Rg3E4fIJEn7S49wVYLqIfA

  • server_id

    1262574013796978799

Targets

    • Target

      pikmin.txt

    • Size

      508B

    • MD5

      15cfefa805d48ab3ae4030dfd6f3ab3b

    • SHA1

      77af69b52616f2a487f2acdb0236e85f18b85ef1

    • SHA256

      16bb67a19701b6501af30450601c2c29e1264e47157dcec20754f27d1dc4cd03

    • SHA512

      45880fffe5dec2b553d8b27dad929290553613cd7228f55d396fa1514e2f93e0eb2e963df1651fcc1d6d1b8e3885908f86da674ff1ae90ff5380d8a7e19194df

    Score
    10/10
    discordratpersistenceratrootkitstealer

    • Discord RAT

      A RAT written in C# using Discord as a C2.

      stealerrootkitratpersistencediscordrat

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

4
T1082

Query Registry

4
T1012

Peripheral Device Discovery

1
T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Resource Development

Reconnaissance

Tasks