discordrat | b686a911bf3d93dc0a30bdc046d74fae1ee580ad4a6620d67d9b3af00b3e7a3d

Resubmissions

01-08-2024 07:49

240801-jns4zstgld 10

01-08-2024 03:41

240801-d8sfaszejp 10

01-08-2024 01:51

240801-b984bszekc 10

Analysis

max time kernel
34s
max time network
43s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
01-08-2024 01:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Discord bot.exe
Size

90KB
MD5

24cde9873a5517844a29d0652889d284
SHA1

61e0edee68767fa2d2898bad5144e0059a417589
SHA256

b686a911bf3d93dc0a30bdc046d74fae1ee580ad4a6620d67d9b3af00b3e7a3d
SHA512

4c7f29150f37f8c943809264ead1ea5223919bceb62266413e8e2775ae5430e5fda8c40557abba12c920e1db822ea32c99116d7c9686d4444bbb6fe6fc86a1c1
SSDEEP

1536:THaXnTwWMeuPJdtAqBkblZNwpqejwSjZjZbANrC+uexCxoKV6+fhVp:msWMeuPy0kblbSqeUwZjZbANrC+bShH

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTE4OTY4ODc2MTI5OTI1OTQ4Mw.G_zwdB.BLohYxvGEmumEgQ_WxzeKQ5m1YzgRVAsGmoaOM
server_id
1189695709369344143

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
11	discord.com
13	discord.com

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4432	Discord bot.exe

C:\Users\Admin\AppData\Local\Temp\Discord bot.exe
"C:\Users\Admin\AppData\Local\Temp\Discord bot.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control