discordrat | 3fcfc7ed8a9fe616540b4e12926021b8ee515879f555a1e697961483bccb4fa5 | Triage

Sharing

General

Target

Client-built.exe
Size

78KB
Sample

250201-j19bqswrgl
MD5

c5fe943c63dffbd58b0f61b70ce570e3
SHA1

1e0385df0eeb6078a04607866cdd0adf47646521
SHA256

3fcfc7ed8a9fe616540b4e12926021b8ee515879f555a1e697961483bccb4fa5
SHA512

b961ccb840443f5eb78fefa5417e22796f6e0b7272788b8fcdc6abd57262a1c2b4357050171a70af2b0e5d30a1849b081020f3498ab07e50aacbf9f60c32114b
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+RPIC:5Zv5PDwbjNrmAE+BIC

Score

10^/10

discordrat persistence ransomware rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMzNDg2ODQ0OTQ4MjI0ODI1NA.GmvrOG.IWZ9BB6ZJ0i5ytcVVC-P4pzKCiMdbTruowhj90
server_id
1335159502953254943

Targets

- Target
  
  Client-built.exe
- Size
  
  78KB
- MD5
  
  c5fe943c63dffbd58b0f61b70ce570e3
- SHA1
  
  1e0385df0eeb6078a04607866cdd0adf47646521
- SHA256
  
  3fcfc7ed8a9fe616540b4e12926021b8ee515879f555a1e697961483bccb4fa5
- SHA512
  
  b961ccb840443f5eb78fefa5417e22796f6e0b7272788b8fcdc6abd57262a1c2b4357050171a70af2b0e5d30a1849b081020f3498ab07e50aacbf9f60c32114b
- SSDEEP
  
  1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+RPIC:5Zv5PDwbjNrmAE+BIC
Score

10^/10

discordrat persistence ransomware rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Discordrat family
  discordrat
- Legitimate hosting services abused for malware hosting/C2
- Sets desktop wallpaper using registry
  ransomware
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

discordratpersistenceransomwareratrootkitstealer