discordrat | 523f1e82ca5f7f5abc3386327a3b464b9f35e8518c05415a58e94f3240165264 | Triage

Sharing

General

Target

FortniteModMenu.exe
Size

966KB
Sample

250204-3zfgtayng1
MD5

cd3c063e94fbcd56be085f6e0290fded
SHA1

cc093106469a4fc75d8bcd342d1d442d68cf6e8a
SHA256

523f1e82ca5f7f5abc3386327a3b464b9f35e8518c05415a58e94f3240165264
SHA512

f23134bf62a0574010e3231fad75aec12dc1e7cdd4e76456de46bd4a3f495fe569cb15aebbbe9bd5d07c85c4dfc41785c3923b7465f13218ba9d021a1435141f
SSDEEP

24576:wubsnafAPyjm9fFNydv1fQ8rAWYFjJ8MtwYzDt58zcvYrFa0:WI42VdQOwVJ8MpftcGYhT

Score

10^/10

discordrat discovery persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMzNTk1MTc5MjE5MzkyOTI0Ng.Gkc8ii.D8r7ye-EOHoHP2lsMfESTYvLTIsuD87OQIk548
server_id
1335951872984485908

Targets

- Target
  
  FortniteModMenu.exe
- Size
  
  966KB
- MD5
  
  cd3c063e94fbcd56be085f6e0290fded
- SHA1
  
  cc093106469a4fc75d8bcd342d1d442d68cf6e8a
- SHA256
  
  523f1e82ca5f7f5abc3386327a3b464b9f35e8518c05415a58e94f3240165264
- SHA512
  
  f23134bf62a0574010e3231fad75aec12dc1e7cdd4e76456de46bd4a3f495fe569cb15aebbbe9bd5d07c85c4dfc41785c3923b7465f13218ba9d021a1435141f
- SSDEEP
  
  24576:wubsnafAPyjm9fFNydv1fQ8rAWYFjJ8MtwYzDt58zcvYrFa0:WI42VdQOwVJ8MpftcGYhT
Score

10^/10

discordrat discovery persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Discordrat family
  discordrat
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discordratdiscoverypersistenceratrootkitstealer