discordrat | 60f0ed4e327ec2f37874d39d7d8112edd3ee5f3a88ac09d55f1e860ad1d16aab | Triage

Sharing

General

Target

RoblxExtern.exe
Size

103KB
Sample

240726-rcw1hawbnd
MD5

96f4ada678831287e0e65a893bcbaead
SHA1

6d31200f6c78548164c416c7143d1ae2496c9dcb
SHA256

60f0ed4e327ec2f37874d39d7d8112edd3ee5f3a88ac09d55f1e860ad1d16aab
SHA512

a055e1c871a6f0089d3643a714dc65effeab6eea62be996aab375a2941ab2c61099dd7fcfc0901784aebf9cceb31fbbe266d186c925953adede0e4d499a998d6
SSDEEP

1536:eAjVrqD0rWUVYqMdvM9m2o5+7nkG24dxugMGHd1mf2R6/ELA29o2IqQnsLTC+zhS:HFeyIj+0n+ym9EGWe

Score

10^/10

discordrat persistence rat rootkit spyware stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI2MTY0NTg1NzE3MDY1MzIyNQ.G-aI1H.UjEBfSThVUjdMTWjryej5I5a1-xdH_S2NvpjfA
server_id
1261645179203616778

Targets

- Target
  
  RoblxExtern.exe
- Size
  
  103KB
- MD5
  
  96f4ada678831287e0e65a893bcbaead
- SHA1
  
  6d31200f6c78548164c416c7143d1ae2496c9dcb
- SHA256
  
  60f0ed4e327ec2f37874d39d7d8112edd3ee5f3a88ac09d55f1e860ad1d16aab
- SHA512
  
  a055e1c871a6f0089d3643a714dc65effeab6eea62be996aab375a2941ab2c61099dd7fcfc0901784aebf9cceb31fbbe266d186c925953adede0e4d499a998d6
- SSDEEP
  
  1536:eAjVrqD0rWUVYqMdvM9m2o5+7nkG24dxugMGHd1mf2R6/ELA29o2IqQnsLTC+zhS:HFeyIj+0n+ym9EGWe
Score

10^/10

discordrat persistence rat rootkit spyware stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discordratpersistenceratrootkitspywarestealer