discordrat | c3f50c1a06d78569baaffb4c0078e145541b76179aece4283936f209291208fd | Triage

Sharing

General

Target

echo-5A7E85-dWEyYXBi-wZdZlN-f.exe
Size

109KB
Sample

250218-rynw1ssr14
MD5

8ff7691ce984d8240d93140470ee90da
SHA1

e3f1ae792adab6026152b2a1733d42f91eb8b4b0
SHA256

c3f50c1a06d78569baaffb4c0078e145541b76179aece4283936f209291208fd
SHA512

8ab51ffc0fd628718f757ae5efba9cd781a17310350d2f4098b2785371714dffa5a398683c41e0376dd6256a5de4cf91c24e0f78af9d830e715178c877a5dbf3
SSDEEP

3072:EbRltj4wkI6yNKv0YhNq/BVPsbwNrDZWsH:Ent239qpdsb+r

Score

10^/10

discordrat persistence ransomware rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTM0MTQxNTExNjMxNDM3ODMzMg.GLIZah.vcBmaDTBMQ_tIpXZH3Eu4541gUQs30_4_YK8fg
server_id
1341228042776875089

Targets

- Target
  
  echo-5A7E85-dWEyYXBi-wZdZlN-f.exe
- Size
  
  109KB
- MD5
  
  8ff7691ce984d8240d93140470ee90da
- SHA1
  
  e3f1ae792adab6026152b2a1733d42f91eb8b4b0
- SHA256
  
  c3f50c1a06d78569baaffb4c0078e145541b76179aece4283936f209291208fd
- SHA512
  
  8ab51ffc0fd628718f757ae5efba9cd781a17310350d2f4098b2785371714dffa5a398683c41e0376dd6256a5de4cf91c24e0f78af9d830e715178c877a5dbf3
- SSDEEP
  
  3072:EbRltj4wkI6yNKv0YhNq/BVPsbwNrDZWsH:Ent239qpdsb+r
Score

10^/10

discordrat persistence rat rootkit stealer ransomware
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Discordrat family
  discordrat
- Legitimate hosting services abused for malware hosting/C2
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

discordratpersistenceratrootkitstealer

behavioral2

discordratpersistenceransomwareratrootkitstealer