discordrat | 73ffdb5bc29185f6c68ea22d571859218635a17bad466d4c5aee1b4a3421dfb1 | Triage

Sharing

General

Target

BfIgOz7.exe
Size

6.8MB
Sample

240915-d9zk1athnn
MD5

29daf7a58aacdc2459d9145039474754
SHA1

df7807760855e648920c85c29b12e2e817930729
SHA256

73ffdb5bc29185f6c68ea22d571859218635a17bad466d4c5aee1b4a3421dfb1
SHA512

e1db029d471eede7cfcecf5428b8d7669c4655b5d4a7c854fd952894c9e5d3c0497cd741235a9c312cc08c8fb811f051d1756264b585ec4e0f98a982d65f803e
SSDEEP

98304:o1kTd/1SqRWF/A0E/CoSMWjILQjMhAjUc7DL5s:WkTd7RWF/I/ZWjsjajUc72

Score

10^/10

discordrat defense_evasion discovery execution persistence privilege_escalation rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI4NDY3NDQ5OTc5ODc2NTczOA.GRsRSd.UW5uwQ1usFhHH7EewkpyCqw589sAshmfAmxuZg
server_id
1284674413421133905

Targets

- Target
  
  BfIgOz7.exe
- Size
  
  6.8MB
- MD5
  
  29daf7a58aacdc2459d9145039474754
- SHA1
  
  df7807760855e648920c85c29b12e2e817930729
- SHA256
  
  73ffdb5bc29185f6c68ea22d571859218635a17bad466d4c5aee1b4a3421dfb1
- SHA512
  
  e1db029d471eede7cfcecf5428b8d7669c4655b5d4a7c854fd952894c9e5d3c0497cd741235a9c312cc08c8fb811f051d1756264b585ec4e0f98a982d65f803e
- SSDEEP
  
  98304:o1kTd/1SqRWF/A0E/CoSMWjILQjMhAjUc7DL5s:WkTd7RWF/I/ZWjsjajUc72
Score

10^/10

discordrat defense_evasion discovery execution persistence privilege_escalation rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Access Token Manipulation

Create Process with Token

Defense Evasion

Access Token Manipulation

Create Process with Token

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discordratdefense_evasiondiscoveryexecutionpersistenceprivilege_escalationratrootkitstealer

behavioral2

discordratdefense_evasionexecutionpersistenceprivilege_escalationratrootkitstealer