discordrat | b39337904af234ce5ab04051a009b9a8c60fa46bccc76d449800be886c123e0b | Triage

Sharing

General

Target

Client-built.exe
Size

78KB
Sample

240909-19cgsstaqn
MD5

bd8aa548c282f2156b940c67f212a196
SHA1

5c76d556322dd933ae1e0304a3667e2121bed0c4
SHA256

b39337904af234ce5ab04051a009b9a8c60fa46bccc76d449800be886c123e0b
SHA512

976930e1551958cf9469b4bad2c6b52f1844ef8c303d4182d6486a7ed09f11ecff0ae1433031d44e466f24944a6a5101148268f370c5a76f62d606e79a34e685
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+HPIC:5Zv5PDwbjNrmAE+vIC

Score

10^/10

discordrat credential_access defense_evasion persistence rat rootkit spyware stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI4MjgyNzA4MTIyMjE5NzI1OA.GYGKGD._ZCToapQCVB6uJoewAZmBanGCE2C92HCs5RwD0
server_id
1282683459751510098

Targets

- Target
  
  Client-built.exe
- Size
  
  78KB
- MD5
  
  bd8aa548c282f2156b940c67f212a196
- SHA1
  
  5c76d556322dd933ae1e0304a3667e2121bed0c4
- SHA256
  
  b39337904af234ce5ab04051a009b9a8c60fa46bccc76d449800be886c123e0b
- SHA512
  
  976930e1551958cf9469b4bad2c6b52f1844ef8c303d4182d6486a7ed09f11ecff0ae1433031d44e466f24944a6a5101148268f370c5a76f62d606e79a34e685
- SSDEEP
  
  1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+HPIC:5Zv5PDwbjNrmAE+vIC
Score

10^/10

discordrat credential_access defense_evasion persistence rat rootkit spyware stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Indicator Removal: Clear Windows Event Logs
  Clear Windows Event Logs to hide the activity of an intrusion.
  defense_evasion
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

Clear Windows Event Logs

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discordratcredential_accessdefense_evasionpersistenceratrootkitspywarestealer