General
-
Target
Client-built.exe
-
Size
78KB
-
Sample
241219-fd3c5aynfz
-
MD5
de442b92fcc6b8a28cd1983f68888dc3
-
SHA1
10066ba190b0b876fe9d39ea20f67b0c849a1d2f
-
SHA256
cfd9da2ff11bd55e76125eebf234042c5a06b8743a93717b820622849a2f7038
-
SHA512
e441f634a8128adb800ce56914750b1a4ff9a80fcd51960cfec5fa5e5262855c763decb4e9cef0aa19282ebceb4dad387b702f8be6a2228e004fca0fa6b91873
-
SSDEEP
1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+OPIC:5Zv5PDwbjNrmAE+qIC
Malware Config
Extracted
discordrat
-
discord_token
MTMxOTEwMTg1NDkxOTAzNjk2MA.GCUf3G.XFcTpUzToj5RvHJaCwYlInhFElu5QcrOsBscOE
-
server_id
1319102558568058921
Targets
-
-
Target
Client-built.exe
-
Size
78KB
-
MD5
de442b92fcc6b8a28cd1983f68888dc3
-
SHA1
10066ba190b0b876fe9d39ea20f67b0c849a1d2f
-
SHA256
cfd9da2ff11bd55e76125eebf234042c5a06b8743a93717b820622849a2f7038
-
SHA512
e441f634a8128adb800ce56914750b1a4ff9a80fcd51960cfec5fa5e5262855c763decb4e9cef0aa19282ebceb4dad387b702f8be6a2228e004fca0fa6b91873
-
SSDEEP
1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+OPIC:5Zv5PDwbjNrmAE+qIC
Score10/10-
Discord RAT
A RAT written in C# using Discord as a C2.
-
Discordrat family
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Abuse Elevation Control Mechanism: Bypass User Account Control
UAC Bypass Attempt via SilentCleanup Task.
-
Legitimate hosting services abused for malware hosting/C2
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1