discordrat | 11e0b8fd4dbe45946584c067767bee27a362f01b1262adcc927dc396c5ede806 | Triage

Sharing

General

Target

adfcgnp.scr
Size

444KB
Sample

240930-w61b8szarr
MD5

f2669c6d375bfd12168b500f96c0a756
SHA1

0dc9821912eedafafd9b2f9f4552f2b374924da0
SHA256

11e0b8fd4dbe45946584c067767bee27a362f01b1262adcc927dc396c5ede806
SHA512

f71bf36aff4db52f1c5d4cdf8004272571d228482a853bf90ccb954973bbedbe8a10818848a69de3e0d4870356bd01c0276c918f3be1ceb9e8007adbce015542
SSDEEP

12288:ntH5NLaAdDhAAEIFcWX+t4o+QMIUYUD6A+rSXH6P:ntH5sAdXEIFcUo+fDQrKH6P

Score

10^/10

discordrat discovery persistence rat rootkit spyware stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI4OTcwNjgwMDE5MDU4NzA0MQ.GLPbKO._bSSJm0gQWkbYqibHsDuqzcfNGezAcMtUoJS2g
server_id
1162176704329027645

Targets

- Target
  
  adfcgnp.scr
- Size
  
  444KB
- MD5
  
  f2669c6d375bfd12168b500f96c0a756
- SHA1
  
  0dc9821912eedafafd9b2f9f4552f2b374924da0
- SHA256
  
  11e0b8fd4dbe45946584c067767bee27a362f01b1262adcc927dc396c5ede806
- SHA512
  
  f71bf36aff4db52f1c5d4cdf8004272571d228482a853bf90ccb954973bbedbe8a10818848a69de3e0d4870356bd01c0276c918f3be1ceb9e8007adbce015542
- SSDEEP
  
  12288:ntH5NLaAdDhAAEIFcWX+t4o+QMIUYUD6A+rSXH6P:ntH5sAdXEIFcUo+fDQrKH6P
Score

10^/10

discordrat discovery persistence rat rootkit spyware stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discordratdiscoverypersistenceratrootkitspywarestealer