discordrat | 125b32da71a719245f993ae15eb527602fc006a34150f1a62ca22aa09a4030be | Triage

Sharing

General

Target

Napse.exe
Size

78KB
Sample

250216-n7x99swkdk
MD5

cfc722721aed1873e23116c5356b6912
SHA1

ac0d0eeada08d10cc09fae392c6999454f33c112
SHA256

125b32da71a719245f993ae15eb527602fc006a34150f1a62ca22aa09a4030be
SHA512

d0ed14e5114f136ace912d91c9d3433255a07c3ad2153cb4a01657dc3e0952ac2aecca36d3453516b586fad1022ecb292019f42b409a9d747127a7360f20f2da
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+xPIC:5Zv5PDwbjNrmAE+hIC

Score

10^/10

discordrat discovery persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTM0MDQ2NTE3NDQ5ODI0NjczOQ.GgpecB.kxRx8APhEc6BRQBnDkZtHIm-oDM9l7KM5H6-nA
server_id
1340466656878530610

Targets

- Target
  
  Napse.exe
- Size
  
  78KB
- MD5
  
  cfc722721aed1873e23116c5356b6912
- SHA1
  
  ac0d0eeada08d10cc09fae392c6999454f33c112
- SHA256
  
  125b32da71a719245f993ae15eb527602fc006a34150f1a62ca22aa09a4030be
- SHA512
  
  d0ed14e5114f136ace912d91c9d3433255a07c3ad2153cb4a01657dc3e0952ac2aecca36d3453516b586fad1022ecb292019f42b409a9d747127a7360f20f2da
- SSDEEP
  
  1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+xPIC:5Zv5PDwbjNrmAE+hIC
Score

10^/10

discordrat persistence rat rootkit stealer discovery
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Discordrat family
  discordrat
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discordratpersistenceratrootkitstealer

behavioral2

discordratdiscoverypersistenceratrootkitstealer