discordrat | ee70f30bd8e327e450bf960c2f4b3675cb4bf80d9f26c9a2cd0de2fc01ecb77b | Triage

Resubmissions

31-10-2024 00:44

241031-a3vrpatnfw 7

30-10-2024 19:18

241030-x1bx5azdng 10

Sharing

General

Target

Rezux X V1.0.1.zip
Size

487KB
Sample

241030-x1bx5azdng
MD5

e4265881ea58c3075edfa61924702b6f
SHA1

841586bc50fa9cedaade2792e4dcad854306978f
SHA256

ee70f30bd8e327e450bf960c2f4b3675cb4bf80d9f26c9a2cd0de2fc01ecb77b
SHA512

1273a8966a51b77236c17afc7cc48abbb594963b2b5bdb89d718e22a93bb5a94de412c11d340991833db44cd23b48ca9f85e32140b900cdd267c8cbfead8f14d
SSDEEP

12288:asQ++++IN1j6H55wwwwwm2222z1t0gFjPlOACViUcEcdRvpgszRtrx:asDNutTjPlQchRBgsF

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMwMDQ5MDUyNDU5OTM4NjE0Mg.G-DgaN.IIbGbtJfjszYAmncKl9TLXTTj1Bu5HOBlYTQys
server_id
1300397247476793477

Targets

- Target
  
  Rezux X.exe
- Size
  
  463KB
- MD5
  
  dd6348580be74d093f9f92b81e4611e9
- SHA1
  
  e5d66547ca83fe4334d12f5de222da02669cfbfb
- SHA256
  
  16e95d2e510125f773ecce110772cce7b3626008ec12f58db532b12869c6aca3
- SHA512
  
  8a33f3e4671208ee839f1195db1e66530bb2ee19b4c1578897bdbef1d9cc8ce4dc22f13ff63ff362ef7c553f6be69ad2f8a03db63c522f96a1c752639bb089ea
- SSDEEP
  
  12288:xyveQB/fTHIGaPkKEYzURNAwbAgB2X+t4poZnUi:xuDXTIGaPhEYzUzA0/0pCUi
Score

10^/10

discordrat persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Discordrat family
  discordrat
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discordratpersistenceratrootkitstealer