discordrat | 1c471f3b9ee0589bcbf4c73c166fe7f4cc4532a1b2e9e7d6ab254aac50d2c799 | Triage

Sharing

General

Target

Roblox-Executor-main.zip
Size

984KB
Sample

250221-r1syratpcn
MD5

ee44e989411d258e3f4bb6a9e41d15ce
SHA1

91b7747d80ee90076802d0354c862004f5b937b4
SHA256

1c471f3b9ee0589bcbf4c73c166fe7f4cc4532a1b2e9e7d6ab254aac50d2c799
SHA512

d187dae5010136d0ebcaee92f01526e9f439b461d9a51a924a7fd3f90e56dc9b7b5bd57235cdb310139634ce641e2cddaaa2a3d38713429a33b931895ec1abd1
SSDEEP

24576:NiRVQP5NA9mS+l3npeNEoCQpRfpXW0KPuVHmkAkPLXH:NLhNzSk3doCMpXBKPurA2

Score

10^/10

discordrat persistence rat rootkit spyware stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMzMjc1MDAyNzU0MTcwODkwNA.GHs0bs.4ABsXyl7MANNv3xFFACs7Pg-RPmWjbvxLF5xHo
server_id
1332750480958554152

Targets

- Target
  
  Roblox-Executor-main.zip
- Size
  
  984KB
- MD5
  
  ee44e989411d258e3f4bb6a9e41d15ce
- SHA1
  
  91b7747d80ee90076802d0354c862004f5b937b4
- SHA256
  
  1c471f3b9ee0589bcbf4c73c166fe7f4cc4532a1b2e9e7d6ab254aac50d2c799
- SHA512
  
  d187dae5010136d0ebcaee92f01526e9f439b461d9a51a924a7fd3f90e56dc9b7b5bd57235cdb310139634ce641e2cddaaa2a3d38713429a33b931895ec1abd1
- SSDEEP
  
  24576:NiRVQP5NA9mS+l3npeNEoCQpRfpXW0KPuVHmkAkPLXH:NLhNzSk3doCMpXBKPurA2
Score

1^/10
behavioral1
- Target
  
  Roblox-Executor-main/AntiCheatBypass.EXE.exe
- Size
  
  1.2MB
- MD5
  
  2576c5e07aec6a04ccf0c68fb1ea5373
- SHA1
  
  d4e85b5f4911ee1f177c46ae4749a0c78aa3b615
- SHA256
  
  a0ecbd1d8f8276ff594c691a5a1cf8c50098026b4ba4a28c6c069cc007325de6
- SHA512
  
  4a9232d2ce66e9e67c98520365bf1ff5e87b672f6b988d701170df8f9e516780e0434374077d02966e82113f07fb171fdcd618e05aa93b9f49289fa698c66250
- SSDEEP
  
  24576:7uDXTIGaPhEYzUzA0qjQ+y5aJSzNevuFlXl+NtZ4eBGYCQpRprHGuV/rh63I:yDjlabwz9X++aJueMXlqHIYCorHNNY3I
Score

10^/10

discordrat persistence rat rootkit spyware stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Discordrat family
  discordrat
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discordratpersistenceratrootkitspywarestealer