discordrat | f6022caf3cccb74e26a03da0d8422cf3dab58e91219cf1d658c473f916488d98 | Triage

Sharing

General

Target

Tha Bronx Script.exe
Size

527KB
Sample

250106-kdsk5stqam
MD5

2732d0596aff1192a6c73f8201c034d4
SHA1

b93d7eace4ef1548717a23d198b6b3d4f00c579d
SHA256

f6022caf3cccb74e26a03da0d8422cf3dab58e91219cf1d658c473f916488d98
SHA512

c384b1d49411da85fd89fe8813a91ab2311c42bd68eff16798811b4a146c414c4c6812ba9fa7577e9fc4147f0a6b48e3cca9e0132e14a5bc129206ac1483cbf9
SSDEEP

12288:ZyveQB/fTHIGaPkKEYzURNAwbAg8Co9YKBDNR7i+x:ZuDXTIGaPhEYzUzA0qTmKBDNQa

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMyNDk1MzA2NjYyOTIzODg0NQ.G7-fPX.WkDR_5L1cbK6jYMAnyjZzLN5gM0mwbXfQwVk-A
server_id
1324953380535402518

Targets

- Target
  
  Tha Bronx Script.exe
- Size
  
  527KB
- MD5
  
  2732d0596aff1192a6c73f8201c034d4
- SHA1
  
  b93d7eace4ef1548717a23d198b6b3d4f00c579d
- SHA256
  
  f6022caf3cccb74e26a03da0d8422cf3dab58e91219cf1d658c473f916488d98
- SHA512
  
  c384b1d49411da85fd89fe8813a91ab2311c42bd68eff16798811b4a146c414c4c6812ba9fa7577e9fc4147f0a6b48e3cca9e0132e14a5bc129206ac1483cbf9
- SSDEEP
  
  12288:ZyveQB/fTHIGaPkKEYzURNAwbAg8Co9YKBDNR7i+x:ZuDXTIGaPhEYzUzA0qTmKBDNQa
Score

10^/10

discordrat persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Discordrat family
  discordrat
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discordratpersistenceratrootkitstealer