discordrat | c89e5697ebaa2b07aa8c36669c48a849d456bd019d9c6f58f3d8cf7686028349 | Triage

Sharing

General

Target

Client-built.exe
Size

78KB
Sample

240924-xf3v4ssdnf
MD5

a08689d0e211c14402c41e1b1996ec23
SHA1

5b99903cc161a9caf4ad14f60e7039e3046d832e
SHA256

c89e5697ebaa2b07aa8c36669c48a849d456bd019d9c6f58f3d8cf7686028349
SHA512

c6a9f945a78199aee545ff60892fc4c9fdaa0fbbaabd7ecf8c8698043998258f43bd19c168f9c38ed6414f4d57903fd5b7bafca828ab5c60781a3acaa5f24788
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+aPIC:5Zv5PDwbjNrmAE+GIC

Score

10^/10

discordrat defense_evasion persistence privilege_escalation rat rootkit spyware stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI4ODIwOTMyODE5MjYyMjY0NA.GRPDfL.M5QTPyyamdLktMv0B2se6E5YkcUOoLy3oEZB98
server_id
1279828254592602244

Targets

- Target
  
  Client-built.exe
- Size
  
  78KB
- MD5
  
  a08689d0e211c14402c41e1b1996ec23
- SHA1
  
  5b99903cc161a9caf4ad14f60e7039e3046d832e
- SHA256
  
  c89e5697ebaa2b07aa8c36669c48a849d456bd019d9c6f58f3d8cf7686028349
- SHA512
  
  c6a9f945a78199aee545ff60892fc4c9fdaa0fbbaabd7ecf8c8698043998258f43bd19c168f9c38ed6414f4d57903fd5b7bafca828ab5c60781a3acaa5f24788
- SSDEEP
  
  1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+aPIC:5Zv5PDwbjNrmAE+GIC
Score

10^/10

discordrat persistence rat rootkit stealer defense_evasion privilege_escalation spyware
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Downloads MZ/PE file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Abuse Elevation Control Mechanism: Bypass User Account Control
  UAC Bypass Attempt via SilentCleanup Task.
  defense_evasion privilege_escalation
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discordratpersistenceratrootkitstealer

behavioral2

discordratdefense_evasionpersistenceprivilege_escalationratrootkitspywarestealer