discordrat | 879434e9b5f6398a3bcc7dbeeccc41a7a8284a6d9029c1fe3db8353e61463783 | Triage

Submit
Reports

Overview

overview

Static

static

Client-built.exe

windows11-21h2-x64

Sharing

General

Target

Client-built.exe
Size

78KB
Sample

250111-vmbn4awran
MD5

ae435f868dfdec6d306fa6c99e832504
SHA1

a3c32006a91a02a378d5cf46986001a3da127378
SHA256

879434e9b5f6398a3bcc7dbeeccc41a7a8284a6d9029c1fe3db8353e61463783
SHA512

19a2c3a81fad52259464b41cdc5148781ce3e4795b42bf096a1134237c2087a082e0b0fb14366947036fb472178c7373211b09e50085b1ce3928518bfa13bb3d
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+5PIC:5Zv5PDwbjNrmAE+JIC

Score

10^/10

discordrat defense_evasion discovery persistence rat rootkit stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Client-built.exe

Resource

win11-20241007-en

discordrat defense_evasion discovery persistence rat rootkit stealer

windows11-21h2-x64

19 signatures

150 seconds

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMxNzk1MTI1OTgxODMzMjI1MQ.G93Qk4.H4mAeTd_60O2WKIyzj2t9Gqxi0w69VeDvI9dT0
server_id
1317948076505169970

Targets

- Target
  
  Client-built.exe
- Size
  
  78KB
- MD5
  
  ae435f868dfdec6d306fa6c99e832504
- SHA1
  
  a3c32006a91a02a378d5cf46986001a3da127378
- SHA256
  
  879434e9b5f6398a3bcc7dbeeccc41a7a8284a6d9029c1fe3db8353e61463783
- SHA512
  
  19a2c3a81fad52259464b41cdc5148781ce3e4795b42bf096a1134237c2087a082e0b0fb14366947036fb472178c7373211b09e50085b1ce3928518bfa13bb3d
- SSDEEP
  
  1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+5PIC:5Zv5PDwbjNrmAE+JIC
Score

10^/10

discordrat defense_evasion discovery persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Discordrat family
  discordrat
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Indicator Removal: Clear Windows Event Logs
  Clear Windows Event Logs to hide the activity of an intrusion.
  defense_evasion
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

Clear Windows Event Logs

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discordratdefense_evasiondiscoverypersistenceratrootkitstealer

© 2018-2025

Terms | Privacy