discordrat | b46d4b644a44921eadb02a921281ab8cb5d0aee746856afc90117cfb60aba2d6 | Triage

Sharing

General

Target

Build.exe
Size

430KB
Sample

240803-njlxbswerc
MD5

c530c3f39f5b1166739429e2a79d5768
SHA1

f3439000da7bf5e3a1d139457926b93d04ae58d8
SHA256

b46d4b644a44921eadb02a921281ab8cb5d0aee746856afc90117cfb60aba2d6
SHA512

c921474348fda254fc03e3848ede91b4827aa9eb07632c84a665387f0431ee4c50aa859755975ffe11f2adf37b2f7b72253a77091bef1fd238d3722c00c37026
SSDEEP

12288:wyveQB/fTHIGaPkKEYzURNAwbAgHCUHJo:wuDXTIGaPhEYzUzA0UU2

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI2OTI0OTEwMjQ5NTg3OTIyOQ.GLHhlB.ypGKkwamHbm_Ye58lhiwJG8n231holsbEjjd7g
server_id
1269247737208246368

Targets

- Target
  
  Build.exe
- Size
  
  430KB
- MD5
  
  c530c3f39f5b1166739429e2a79d5768
- SHA1
  
  f3439000da7bf5e3a1d139457926b93d04ae58d8
- SHA256
  
  b46d4b644a44921eadb02a921281ab8cb5d0aee746856afc90117cfb60aba2d6
- SHA512
  
  c921474348fda254fc03e3848ede91b4827aa9eb07632c84a665387f0431ee4c50aa859755975ffe11f2adf37b2f7b72253a77091bef1fd238d3722c00c37026
- SSDEEP
  
  12288:wyveQB/fTHIGaPkKEYzURNAwbAgHCUHJo:wuDXTIGaPhEYzUzA0UU2
Score

10^/10

discordrat persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discordratpersistenceratrootkitstealer