discordrat | 42b176fc5efa8e8d1a7a21afc72dbb23a81baaa2a0938a2c5d267459139abe48 | Triage

Sharing

General

Target

ddos.zip
Size

759B
Sample

241023-vxy75stekr
MD5

4bfec0144e947b841ad093f4e4d0e269
SHA1

524f22beb96cf450822e069d176b6b37299fe202
SHA256

42b176fc5efa8e8d1a7a21afc72dbb23a81baaa2a0938a2c5d267459139abe48
SHA512

88c147fbf04b905a2ccddd5fd9e8cc1d83e9d7f5904568114010106a8e05f2f8150e5fe6630d1374e52f61eaba2cf811e7540895dd9ef176476e291ef9d5af18

Score

10^/10

discordrat execution persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI5Njg5NDEwMjY0NTkwMzQwMA.GffxcT.wWuk4gdi5T-RNzCLfFQ4XgAEMO4ZjpXcRu5E5Y
server_id
1293738586679672945

Targets

- Target
  
  asd.bat
- Size
  
  1KB
- MD5
  
  0dababeef5a7a86809d847382772d821
- SHA1
  
  612be301ee1bc7a422f79b2d17822ee2244efc4c
- SHA256
  
  56af74c6f17f1e987ace45d8ec180ed38d221f2fdfe9d601bdec2d703689bdb4
- SHA512
  
  1ec9342d34914503dc475fd5fb300cbbb2ace1e9b6e8cc1b9221dd3468eb64a1e0d7f3d0c6f8427207239c61c4b8fb87da89f88f6920b95ef928dd1214d17d6a
Score

10^/10

execution discordrat persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Deletes itself
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discordratexecutionpersistenceratrootkitstealer