discordrat | d05a4a190b1136cfc722861e23c0afa38a2a4ff70658bb6a8afe6f1810b84f82 | Triage

Sharing

General

Target

Client-built.exe
Size

78KB
Sample

241211-3hpzxsxjbm
MD5

7f688eb43c2502b24d333c5b3a62b818
SHA1

47d05694096e5b422859eaa303861dc15552b2b7
SHA256

d05a4a190b1136cfc722861e23c0afa38a2a4ff70658bb6a8afe6f1810b84f82
SHA512

b46ef65de80579da6cbe8a592db65965d6fb0ba7631c5dfbe6d0a84c5e03c2a9a538c0c6b9b5937a07ed099f4efcbe4e33893a57dc16ca933644e44bfce287ae
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+IPIC:5Zv5PDwbjNrmAE+MIC

Score

10^/10

discordrat discovery evasion persistence rat rootkit spyware stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMxNjUzMzkwMTg5MTYwNDU1MA.GZMiAt.Or8LUwfXd7oyd9yslQBkRWptohfK-lxvgkGjwk
server_id
1316547391792611368

Targets

- Target
  
  Client-built.exe
- Size
  
  78KB
- MD5
  
  7f688eb43c2502b24d333c5b3a62b818
- SHA1
  
  47d05694096e5b422859eaa303861dc15552b2b7
- SHA256
  
  d05a4a190b1136cfc722861e23c0afa38a2a4ff70658bb6a8afe6f1810b84f82
- SHA512
  
  b46ef65de80579da6cbe8a592db65965d6fb0ba7631c5dfbe6d0a84c5e03c2a9a538c0c6b9b5937a07ed099f4efcbe4e33893a57dc16ca933644e44bfce287ae
- SSDEEP
  
  1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+IPIC:5Zv5PDwbjNrmAE+MIC
Score

10^/10

discordrat discovery evasion persistence rat rootkit spyware stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Discordrat family
  discordrat
- Disables Task Manager via registry modification
  evasion
- Downloads MZ/PE file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discordratdiscoveryevasionpersistenceratrootkitspywarestealer