discordrat | 0a43753bf997769e9a15a160dac3712970dca5bf2f1ccbc01454583651f8e2ed | Triage

Sharing

General

Target

xkknu3.zip
Size

28KB
Sample

250117-152acsvqeq
MD5

d1ec0aa2315e3c55ba417b87b17bab2b
SHA1

52a463b0f3fc2319dc1372f70e95ba6b72324630
SHA256

0a43753bf997769e9a15a160dac3712970dca5bf2f1ccbc01454583651f8e2ed
SHA512

275d7c5b2560c48f943c9a8c9d7336f88bd65fca15df5f352a069e3721a4ce221d4cfb532f76595260d7406cbbff3814ab36c6a785e458b7435c28a4082556aa
SSDEEP

768:ShM6uWf0MgMUTVIPAbo0U4Wu5MtZYZURGxr7:STuW8MzPAbm49MtZYZPH

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTE2OTcxNTQ5MDk0MDI2NDYwOQ.GT9jXS.u1NUz6EhjEOGBwHNrMPtou3JF7iKZ6qZDdwdg0
server_id
1328732385663258774

Targets

- Target
  
  ft.exe
- Size
  
  78KB
- MD5
  
  f91ccf4508c5b38c655dfbbee715a8a4
- SHA1
  
  b1bd3d4700019d99bd74b00c8fe3e7fe62c00a9b
- SHA256
  
  ab9903424f54db2436f93dea75b3da47008d68978d5209b5483db24d2b6351da
- SHA512
  
  d69c647eda894669cc926d1279de76258dff54f578279cd1ef0c520e920e534ccf8843f5ab5b8feaae8cfdd2952906c09ac82c5fb8c62c3746a0d1633465e761
- SSDEEP
  
  1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+dPIC:5Zv5PDwbjNrmAE+NIC
Score

10^/10

discordrat persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Discordrat family
  discordrat
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discordratpersistenceratrootkitstealer