discordrat | 6ae2eda2d99617d2df7ad5bcb6b6521e96b18cf26d62db6f1521281c90f89d27 | Triage

Sharing

General

Target

Client-built.exe
Size

78KB
Sample

240718-x646vssgmj
MD5

aee9adc778457502a1a34477c8c4ae73
SHA1

f2789a1c6fca778f10e511b57c9dda13ce2f7f0d
SHA256

6ae2eda2d99617d2df7ad5bcb6b6521e96b18cf26d62db6f1521281c90f89d27
SHA512

c9a6f53da6758d1f6e07c65947e4a31b2a2fefc2e560bb2bd4a9c4205c29352ade68cd21b6e81ad5495db75ff8b6460afd488bd66a7c0f66031fb3fc9865b746
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+XPIC:5Zv5PDwbjNrmAE+fIC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI2MzQzNzIyMjg5NjczNDIwOQ.G2Vzuz.KQI3pwoLAi2QNOsM3VLvNcTIjyN7N1ULpSLPGE
server_id
1224684836627681300

Targets

- Target
  
  Client-built.exe
- Size
  
  78KB
- MD5
  
  aee9adc778457502a1a34477c8c4ae73
- SHA1
  
  f2789a1c6fca778f10e511b57c9dda13ce2f7f0d
- SHA256
  
  6ae2eda2d99617d2df7ad5bcb6b6521e96b18cf26d62db6f1521281c90f89d27
- SHA512
  
  c9a6f53da6758d1f6e07c65947e4a31b2a2fefc2e560bb2bd4a9c4205c29352ade68cd21b6e81ad5495db75ff8b6460afd488bd66a7c0f66031fb3fc9865b746
- SSDEEP
  
  1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+XPIC:5Zv5PDwbjNrmAE+fIC
Score

10^/10

discordrat persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discordratpersistenceratrootkitstealer