discordrat | ab1f5565ec87d83344a85ea76310b4cd9f82877a9d39ff55977ca5f96f5324f4 | Triage

Sharing

General

Target

BM4Refl_gpj.exe
Size

529KB
Sample

250105-yg5lrswndj
MD5

d7746b44fff33140ee35be0cf8635098
SHA1

93d8359ebee5849abddec1d66f13f867dcbab214
SHA256

ab1f5565ec87d83344a85ea76310b4cd9f82877a9d39ff55977ca5f96f5324f4
SHA512

befdb09a8f1b66c30c2f9eee5d75f0547f40f6d66e12e484aaaaebea6d5f09629e00b16afdd0e3f54bdada3a371f88dd24a54befdf5497a0c0cfe42128de5522
SSDEEP

12288:xyveQB/fTHIGaPkKEYzURNAwbAgB2X+t4r/ts2w77PJh:xuDXTIGaPhEYzUzA0/0DDw77Rh

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMyMTk5NDk0MzgwMzQyODk3Nw.G7hRt0.tsvaJSgO9QCXFDWq0chKEu6Jsm3XDWEWHH41wA
server_id
1321995666821484655

Targets

- Target
  
  BM4Refl_gpj.exe
- Size
  
  529KB
- MD5
  
  d7746b44fff33140ee35be0cf8635098
- SHA1
  
  93d8359ebee5849abddec1d66f13f867dcbab214
- SHA256
  
  ab1f5565ec87d83344a85ea76310b4cd9f82877a9d39ff55977ca5f96f5324f4
- SHA512
  
  befdb09a8f1b66c30c2f9eee5d75f0547f40f6d66e12e484aaaaebea6d5f09629e00b16afdd0e3f54bdada3a371f88dd24a54befdf5497a0c0cfe42128de5522
- SSDEEP
  
  12288:xyveQB/fTHIGaPkKEYzURNAwbAgB2X+t4r/ts2w77PJh:xuDXTIGaPhEYzUzA0/0DDw77Rh
Score

10^/10

discordrat persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Discordrat family
  discordrat
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discordratpersistenceratrootkitstealer