discordrat | 86c8812621c9af04b428b99aeb96627a340c3810d2bdb1053d2fb0357337a99e | Triage

Resubmissions

03-08-2024 14:36

240803-ryw8dswelq 10

03-08-2024 14:34

240803-rxs5cawejl 6

03-08-2024 14:30

240803-rvcpkswdkr 6

Sharing

General

Target

gothymilly76b779.mp4
Size

261KB
Sample

240803-ryw8dswelq
MD5

d3d13a4ac1f069c0c305836dca7a79f4
SHA1

9b3fdb93a1e59d3238b110bef6a56ddc4c94c449
SHA256

86c8812621c9af04b428b99aeb96627a340c3810d2bdb1053d2fb0357337a99e
SHA512

f3f8a5814fab743ab4f3f31f800ef66171673dbacbe66722e2a865cc97fc3e59deb2655da10e5ac84826d3fcb2c4ee0d671c7d0179a0b6e3ee850f43b348515f
SSDEEP

6144:lPL62UN2BRLvehowE4wFFrAuROLFgCRofacyfI5IhdgDJkihg8T0t+:d7A2DvehXwb0uRCg7fa9w5KCdV1b

Score

10^/10

discordrat discovery persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI2ODUzMzQ1NDI3NTA4ODQyNg.G2Yk2l.qXauoqCUKPZJjdMsKjg7slxu7u2NIHtJs8nDoY
server_id
1268521650513772607

Targets

- Target
  
  gothymilly76b779.mp4
- Size
  
  261KB
- MD5
  
  d3d13a4ac1f069c0c305836dca7a79f4
- SHA1
  
  9b3fdb93a1e59d3238b110bef6a56ddc4c94c449
- SHA256
  
  86c8812621c9af04b428b99aeb96627a340c3810d2bdb1053d2fb0357337a99e
- SHA512
  
  f3f8a5814fab743ab4f3f31f800ef66171673dbacbe66722e2a865cc97fc3e59deb2655da10e5ac84826d3fcb2c4ee0d671c7d0179a0b6e3ee850f43b348515f
- SSDEEP
  
  6144:lPL62UN2BRLvehowE4wFFrAuROLFgCRofacyfI5IhdgDJkihg8T0t+:d7A2DvehXwb0uRCg7fa9w5KCdV1b
Score

10^/10

discordrat discovery persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Executes dropped EXE
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discordratdiscoverypersistenceratrootkitstealer