discordrat | 0a188431ec4ef4275ebe8377963a65e82d9a1fbc9a72c9047ccc6fe65d30b837 | Triage

Resubmissions

10-10-2024 22:45

241010-2prxeswcmj 10

10-10-2024 22:13

241010-15bppsvcqj 10

Sharing

General

Target

Client-built.exe
Size

78KB
Sample

241010-15bppsvcqj
MD5

e8e307d2a0e8b33878dea7396f1fe7fe
SHA1

4abea5f3288c4045a68d2d355838533d72768e69
SHA256

0a188431ec4ef4275ebe8377963a65e82d9a1fbc9a72c9047ccc6fe65d30b837
SHA512

c8b50c57b9ac2c3a73a8256a85b74d8ab599c5415148f48ee902f0965bd0c2e7fa91756cd12f491be093058fbf57cb20fca59bd71303147ebbbb36515b82f774
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+6PIC:5Zv5PDwbjNrmAE+mIC

Score

10^/10

discordrat evasion persistence ransomware rat rootkit spyware stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI5NDA0NTgxMjIxMjQ5ODQ1Mg.G2NcYi.AGgJbkkw4ihNbkFwsXZwuwi-qjW6NEuR8lVozM
server_id
1294045594666668093

Targets

- Target
  
  Client-built.exe
- Size
  
  78KB
- MD5
  
  e8e307d2a0e8b33878dea7396f1fe7fe
- SHA1
  
  4abea5f3288c4045a68d2d355838533d72768e69
- SHA256
  
  0a188431ec4ef4275ebe8377963a65e82d9a1fbc9a72c9047ccc6fe65d30b837
- SHA512
  
  c8b50c57b9ac2c3a73a8256a85b74d8ab599c5415148f48ee902f0965bd0c2e7fa91756cd12f491be093058fbf57cb20fca59bd71303147ebbbb36515b82f774
- SSDEEP
  
  1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+6PIC:5Zv5PDwbjNrmAE+mIC
Score

10^/10

discordrat persistence rat rootkit stealer evasion ransomware spyware
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Disables Task Manager via registry modification
  evasion
- Downloads MZ/PE file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

discordratpersistenceratrootkitstealer

behavioral2

discordratevasionpersistenceransomwareratrootkitspywarestealer