discordrat | 63e676624115c3fd9febe7649f8c65dd65cb20df39595cbcc96b3781d1dee83c | Triage

Sharing

General

Target

executor.exe
Size

78KB
Sample

250129-e1rdps1kes
MD5

10b2da716481ed70b391ae0f97d0e64e
SHA1

22ccb5a19045d2db496ad0c5c0326e620e6e620f
SHA256

63e676624115c3fd9febe7649f8c65dd65cb20df39595cbcc96b3781d1dee83c
SHA512

f5dee05290a9a66975495c061fba0b9e567fe57ddff626b517388d246cacb825f92f0e6670a7f064307d478b49ceaf0f7d9f18bd8c615ca53b7fadb362d33b8c
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+vPIC:5Zv5PDwbjNrmAE+XIC

Score

10^/10

discordrat defense_evasion persistence privilege_escalation rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMzMzk4NzY2MTExMDU3NTEzNA.GUgCAs.PJkCkd2O0ZfCoCsqkLw6C4P8onABarxkOywQhI
server_id
1332933302335832155

Targets

- Target
  
  executor.exe
- Size
  
  78KB
- MD5
  
  10b2da716481ed70b391ae0f97d0e64e
- SHA1
  
  22ccb5a19045d2db496ad0c5c0326e620e6e620f
- SHA256
  
  63e676624115c3fd9febe7649f8c65dd65cb20df39595cbcc96b3781d1dee83c
- SHA512
  
  f5dee05290a9a66975495c061fba0b9e567fe57ddff626b517388d246cacb825f92f0e6670a7f064307d478b49ceaf0f7d9f18bd8c615ca53b7fadb362d33b8c
- SSDEEP
  
  1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+vPIC:5Zv5PDwbjNrmAE+XIC
Score

10^/10

discordrat defense_evasion persistence privilege_escalation rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Discordrat family
  discordrat
- Abuse Elevation Control Mechanism: Bypass User Account Control
  UAC Bypass Attempt via SilentCleanup Task.
  defense_evasion privilege_escalation
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discordratdefense_evasionpersistenceprivilege_escalationratrootkitstealer