discordrat | 8e40d8098968b68553e64e7aeb0472cd5f3c0a1dfde2c1a7afbdb5a9266de7f5 | Triage

Sharing

General

Target

Diavlo Cracked v1.0.sfx.exe
Size

712KB
Sample

250128-31f5qsxqdr
MD5

9ed59258f3437ce25fb12958e7b6659b
SHA1

fb14154b9a4d71acfaec97cd7b5a16ff652ab238
SHA256

8e40d8098968b68553e64e7aeb0472cd5f3c0a1dfde2c1a7afbdb5a9266de7f5
SHA512

d429a5e51dea517136840384879c75c14687e7a09754c4f6292c136a6f1373b925c6c3bf2c4ed4071b353133c33e77b46d82844a609b0f42b9e0becb7f34ca58
SSDEEP

12288:XyveQB/fTHIGaPkKEYzURNAwbAgpLR7jXQA1RGLR7jXQA1RyuvvZuGWS:XuDXTIGaPhEYzUzA0lrX+rXyuXZu5S

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMzMDQyNzc0NDMwMzA1ODk4NQ.Gqsa3L.Aay15LBm9ibVIJIgj7zi5jAN3qGYkC0Aw2lPS0
server_id
1333947338598649967

Targets

- Target
  
  Diavlo Cracked v1.0.sfx.exe
- Size
  
  712KB
- MD5
  
  9ed59258f3437ce25fb12958e7b6659b
- SHA1
  
  fb14154b9a4d71acfaec97cd7b5a16ff652ab238
- SHA256
  
  8e40d8098968b68553e64e7aeb0472cd5f3c0a1dfde2c1a7afbdb5a9266de7f5
- SHA512
  
  d429a5e51dea517136840384879c75c14687e7a09754c4f6292c136a6f1373b925c6c3bf2c4ed4071b353133c33e77b46d82844a609b0f42b9e0becb7f34ca58
- SSDEEP
  
  12288:XyveQB/fTHIGaPkKEYzURNAwbAgpLR7jXQA1RGLR7jXQA1RyuvvZuGWS:XuDXTIGaPhEYzUzA0lrX+rXyuXZu5S
Score

10^/10

discordrat persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Discordrat family
  discordrat
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discordratpersistenceratrootkitstealer

behavioral2