discordrat | 56af74c6f17f1e987ace45d8ec180ed38d221f2fdfe9d601bdec2d703689bdb4 | Triage

Sharing

General

Target

asd.bat
Size

1KB
Sample

241018-25l14svhlm
MD5

0dababeef5a7a86809d847382772d821
SHA1

612be301ee1bc7a422f79b2d17822ee2244efc4c
SHA256

56af74c6f17f1e987ace45d8ec180ed38d221f2fdfe9d601bdec2d703689bdb4
SHA512

1ec9342d34914503dc475fd5fb300cbbb2ace1e9b6e8cc1b9221dd3468eb64a1e0d7f3d0c6f8427207239c61c4b8fb87da89f88f6920b95ef928dd1214d17d6a

Score

10^/10

discordrat execution persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI5Njg5NDEwMjY0NTkwMzQwMA.GbbBFh.ZTr18FyMmzROaUjB4OeMEYamtttj4Hm8E7t2kA
server_id
1293738586679672945

Targets

- Target
  
  asd.bat
- Size
  
  1KB
- MD5
  
  0dababeef5a7a86809d847382772d821
- SHA1
  
  612be301ee1bc7a422f79b2d17822ee2244efc4c
- SHA256
  
  56af74c6f17f1e987ace45d8ec180ed38d221f2fdfe9d601bdec2d703689bdb4
- SHA512
  
  1ec9342d34914503dc475fd5fb300cbbb2ace1e9b6e8cc1b9221dd3468eb64a1e0d7f3d0c6f8427207239c61c4b8fb87da89f88f6920b95ef928dd1214d17d6a
Score

10^/10

discordrat execution persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discordratexecutionpersistenceratrootkitstealer