discordrat | 86bbe1727249f6583be9658d2d68c7eee7635c0d68facde070c82a38dfe09c31 | Triage

Submit
Reports

Overview

overview

Static

static

hey spigga...ne.exe

windows7-x64

hey spigga...ne.exe

windows10-2004-x64

Analysis

max time kernel
96s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
05-12-2024 17:54

Sharing

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

hey spigga nigga @everyone.exe

Resource

win7-20241010-en

discordrat persistence rat rootkit stealer

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

hey spigga nigga @everyone.exe

Resource

win10v2004-20241007-en

discordrat persistence rat rootkit stealer

windows10-2004-x64

2 signatures

150 seconds

Report Analysis Logs

General

Target

hey spigga nigga @everyone.exe
Size

91KB
MD5

ea02e55219234d84f7edc015efd376ea
SHA1

9c1f4fcdda3890009d1301b34e61cf6d94bd91c6
SHA256

86bbe1727249f6583be9658d2d68c7eee7635c0d68facde070c82a38dfe09c31
SHA512

a938a62d9af850e2ce35f3f59841b0cae59e28fafbff69fa00bdd39b73a265801dc0bd39705a2526d06ce7d2c45bd3c026820a35e72d9b1314752b1905e66f24
SSDEEP

1536:oXKQ2FNJQ4FLHv1xCtRE9PLlX/k0SbIANrNaI+uexCxoKV6+f9ExR:XQsDQ4FLHKTE9D5/ZSbIANrNN+bS92

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAANkquobZQzEeoYHKoo4wB7AAAAAACAAAAAAAQZgAAAAEAACAAAAAoHOqVS9hOk58AbMxXOKMarWaWwwr5CC686pGFO0yAggAAAAAOgAAAAAIAACAAAABc9P9yem6CvWls70HVPxmbH0CUImLo2OEJpoTgHM7w1lAAAABBMpQbAvfC4PBd5+N0VsQqf8vXM3rhQ0s62GRBZZhHyHp9tvzssvGMkXjKCfOmjMdzc2PR7JEjzDPoxEN1UTHHxlLx6GrG47y5CIvn9a3g1UAAAABX9O1/x01YZkA+t0aLF8hAzujj9h+IGUGacXxMRcKHIwzS4qste5a9G5mDL/CUbPaTub2hMUnAkTwVQyGcko6o
server_id
1314287414537093211

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Processes

C:\Users\Admin\AppData\Local\Temp\hey spigga nigga @everyone.exe
"C:\Users\Admin\AppData\Local\Temp\hey spigga nigga @everyone.exe"
1⤵
PID:2524

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2524-0-0x00007FFE59D23000-0x00007FFE59D25000-memory.dmp

Filesize
8KB

Download
memory/2524-1-0x00000236F57E0000-0x00000236F57FC000-memory.dmp

Filesize
112KB

Download
memory/2524-2-0x00000236F7D80000-0x00000236F7F42000-memory.dmp

Filesize
1.8MB

Download
memory/2524-3-0x00000236F7C00000-0x00000236F7C50000-memory.dmp

Filesize
320KB

Download

© 2018-2025

Terms | Privacy