discordrat | 07b5ed831d02ec164c13d86d09faa86be7029d090ea12602d5532918ed6f2b86 | Triage

Submit
Reports

Overview

overview

Static

static

1

installer.bat

windows11-21h2-x64

Sharing

General

Target

installer.bat
Size

865B
Sample

240913-wx49ts1hqc
MD5

2c19299072040e9e7dd5cef468da267b
SHA1

3ab6fad3a10abf8fb5b703eaa3d60244f18975dc
SHA256

07b5ed831d02ec164c13d86d09faa86be7029d090ea12602d5532918ed6f2b86
SHA512

c8519189baf5601af7267f6e38617f58ba16bdbc9b026d7870ac7e584481652f3619e1569b42a9a9d392e6a9d452ca14e63ff2fc1fc5397db45538b9e819448d

Score

10^/10

discordrat discovery execution persistence rat rootkit stealer

Static task

static1

Behavioral task

behavioral1

Sample

installer.bat

Resource

win11-20240802-en

discordrat discovery execution persistence rat rootkit stealer

windows11-21h2-x64

18 signatures

1800 seconds

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI4MzkwMzM1MjcxOTAxNTk2Ng.GGkiFE.UJeAu2wEPM4KGVLI7BPdjjiBL-EKR92XuDzB5E
server_id
1281866805501100106

Targets

- Target
  
  installer.bat
- Size
  
  865B
- MD5
  
  2c19299072040e9e7dd5cef468da267b
- SHA1
  
  3ab6fad3a10abf8fb5b703eaa3d60244f18975dc
- SHA256
  
  07b5ed831d02ec164c13d86d09faa86be7029d090ea12602d5532918ed6f2b86
- SHA512
  
  c8519189baf5601af7267f6e38617f58ba16bdbc9b026d7870ac7e584481652f3619e1569b42a9a9d392e6a9d452ca14e63ff2fc1fc5397db45538b9e819448d
Score

10^/10

discordrat discovery execution persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discordratdiscoveryexecutionpersistenceratrootkitstealer

© 2018-2025

Terms | Privacy