discordrat | af41dbb0c726384d8622cbbb380d1754498b5663b4998993e87c82f2887970c5 | Triage

Sharing

General

Target

Client-built.exe
Size

78KB
Sample

250131-tryhzsspbk
MD5

ec867ab06b4b2e564b16165f3cc7fe3e
SHA1

48cb3efca2cb8d060d2a5f073a6b91b635d7f9eb
SHA256

af41dbb0c726384d8622cbbb380d1754498b5663b4998993e87c82f2887970c5
SHA512

ea5a0c8ab5b50e6a5ed8f5eac98a0ee25799d3ba26618fb87839418bee802b9161c01ade77ae900d7ae9a90b78df7c77f5fa5fba1e74a3f973ec840c18a49f3b
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+4PIC:5Zv5PDwbjNrmAE+cIC

Score

10^/10

discordrat discovery persistence rat rootkit spyware stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMzNDY3OTcxNjc0OTExNTQzMg.GZ-KIp.2xqEJU1ciF3RTvSBH9CVUqiDkwgmUoUm1NpRo8
server_id
1328389800323059743

Targets

- Target
  
  Client-built.exe
- Size
  
  78KB
- MD5
  
  ec867ab06b4b2e564b16165f3cc7fe3e
- SHA1
  
  48cb3efca2cb8d060d2a5f073a6b91b635d7f9eb
- SHA256
  
  af41dbb0c726384d8622cbbb380d1754498b5663b4998993e87c82f2887970c5
- SHA512
  
  ea5a0c8ab5b50e6a5ed8f5eac98a0ee25799d3ba26618fb87839418bee802b9161c01ade77ae900d7ae9a90b78df7c77f5fa5fba1e74a3f973ec840c18a49f3b
- SSDEEP
  
  1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+4PIC:5Zv5PDwbjNrmAE+cIC
Score

10^/10

discordrat discovery persistence rat rootkit stealer spyware
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Discordrat family
  discordrat
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Downloads MZ/PE file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discordratdiscoverypersistenceratrootkitstealer

behavioral2

discordratdiscoverypersistenceratrootkitspywarestealer