discordrat | 125b32da71a719245f993ae15eb527602fc006a34150f1a62ca22aa09a4030be | Triage

Submit
Reports

Overview

overview

Static

static

Napse.exe

windows7-x64

Napse.exe

windows10-2004-x64

Sharing

General

Target

Napse.exe
Size

78KB
Sample

250216-pdagsawqar
MD5

cfc722721aed1873e23116c5356b6912
SHA1

ac0d0eeada08d10cc09fae392c6999454f33c112
SHA256

125b32da71a719245f993ae15eb527602fc006a34150f1a62ca22aa09a4030be
SHA512

d0ed14e5114f136ace912d91c9d3433255a07c3ad2153cb4a01657dc3e0952ac2aecca36d3453516b586fad1022ecb292019f42b409a9d747127a7360f20f2da
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+xPIC:5Zv5PDwbjNrmAE+hIC

Score

10^/10

discordrat adware discovery persistence privilege_escalation rat rootkit stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Napse.exe

Resource

win7-20240903-en

discordrat persistence rat rootkit stealer

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

Napse.exe

Resource

win10v2004-20250207-en

discordrat adware discovery persistence privilege_escalation rat rootkit stealer

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTM0MDQ2NTE3NDQ5ODI0NjczOQ.GgpecB.kxRx8APhEc6BRQBnDkZtHIm-oDM9l7KM5H6-nA
server_id
1340466656878530610

Targets

- Target
  
  Napse.exe
- Size
  
  78KB
- MD5
  
  cfc722721aed1873e23116c5356b6912
- SHA1
  
  ac0d0eeada08d10cc09fae392c6999454f33c112
- SHA256
  
  125b32da71a719245f993ae15eb527602fc006a34150f1a62ca22aa09a4030be
- SHA512
  
  d0ed14e5114f136ace912d91c9d3433255a07c3ad2153cb4a01657dc3e0952ac2aecca36d3453516b586fad1022ecb292019f42b409a9d747127a7360f20f2da
- SSDEEP
  
  1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+xPIC:5Zv5PDwbjNrmAE+hIC
Score

10^/10

discordrat persistence rat rootkit stealer adware discovery privilege_escalation
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Discordrat family
  discordrat
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Downloads MZ/PE file
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Browser Extensions

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discordratpersistenceratrootkitstealer

behavioral2

discordratadwarediscoverypersistenceprivilege_escalationratrootkitstealer

© 2018-2025

Terms | Privacy