discordrat | f4a63b7b747369289369ada5ba8961af3b5898f9aee1760455255d97e19015f3 | Triage

Sharing

General

Target

MW3PRO00.exe
Size

78KB
Sample

240824-14epzathqp
MD5

cbf27dcba2ef0fa998c38384a22d6cba
SHA1

5a644d1f39cd64e40d663264d1a9de9218cd1302
SHA256

f4a63b7b747369289369ada5ba8961af3b5898f9aee1760455255d97e19015f3
SHA512

d89bf4ae3b715fb079eac95d908344f1c51e8542a5e82ef75611018c78866f2ff5662a7c099d24616fba008f79108f5d15552f8fb2b1437543038ad5555626b6
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+OPIC:5Zv5PDwbjNrmAE+qIC

Score

10^/10

discordrat discovery persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI1MTgyMzAxNzUyNTI1MjEyNg.Gq9elm.EfhMIc-eCeEBcZ97uoRa_T1KAXKFQmgIerhsCg
server_id
1267742928692973691

Targets

- Target
  
  MW3PRO00.exe
- Size
  
  78KB
- MD5
  
  cbf27dcba2ef0fa998c38384a22d6cba
- SHA1
  
  5a644d1f39cd64e40d663264d1a9de9218cd1302
- SHA256
  
  f4a63b7b747369289369ada5ba8961af3b5898f9aee1760455255d97e19015f3
- SHA512
  
  d89bf4ae3b715fb079eac95d908344f1c51e8542a5e82ef75611018c78866f2ff5662a7c099d24616fba008f79108f5d15552f8fb2b1437543038ad5555626b6
- SSDEEP
  
  1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+OPIC:5Zv5PDwbjNrmAE+qIC
Score

10^/10

discordrat persistence rat rootkit stealer discovery
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discordratpersistenceratrootkitstealer

behavioral2

discordratdiscoverypersistenceratrootkitstealer