discordrat | 71c6f0f97739bd48d8bd14cef151389a33b4cb1842987b824b47fe521929cb65 | Triage

Sharing

General

Target

241105-cjf6assgpn_pw_infected.zip
Size

28KB
Sample

241105-crvzesvmep
MD5

b7c66f9978dbc9338dac329919034cf1
SHA1

6c0e819392073cb2687769c01d211cbb455f715f
SHA256

71c6f0f97739bd48d8bd14cef151389a33b4cb1842987b824b47fe521929cb65
SHA512

4bf2f03fc8cd6e3bc472c2da5a1b75e25f79d4e822fa5353d7edac84432f8da4a9d89fd7e7306333034d44443e6cf0237ce99a532170bb573dde56b35f02572d
SSDEEP

768:S3ZHu4wGIrUQyxVkmXXwJnBrWf1YrYf4udamiCKjuuASGxbFZ:8+U5fkmQBBrWfaaaOfuAFv

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI5NjY1NzM0NDY3NTA1MzY2MQ.G3_pRe.obiFDZfiXBi7cjudA_ADjPYDq2ORDjJqG7qP6c
server_id
1303174293991063612

Targets

- Target
  
  Client-built.exe
- Size
  
  78KB
- MD5
  
  0040ce2b405b7c977b25770e3892ac11
- SHA1
  
  24f618b6ae0c3b6b8f4aa5d7801c2550c56c6f07
- SHA256
  
  1371d709aeca976839bb5ef2431e59548e4c0f700f3907a8803ecef207dcce6f
- SHA512
  
  f5cb842b0ba67b49f3a9b437293ac784ffcf1e1ad821defe0bfaf6778844debcba56c2cf44a733cc1e5090c753833038e31c17bbcdee85f3e499792bbb211f7a
- SSDEEP
  
  1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+mPIC:5Zv5PDwbjNrmAE+CIC
Score

10^/10

discordrat persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Discordrat family
  discordrat
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discordratpersistenceratrootkitstealer

behavioral2

discordratpersistenceratrootkitstealer