discordrat | 6f69db9e402c3ced09d2fffff59f5981515853395757dfc131967bd18b3c1689 | Triage

Resubmissions

22-02-2025 22:46

250222-2p931a1ndm 10

22-02-2025 22:41

250222-2mjs2a1mhn 10

22-02-2025 21:12

250222-z15asazkfr 10

Sharing

General

Target

ClawGameTemp.ps1
Size

7KB
Sample

250222-z15asazkfr
MD5

beab656dc763c45a35bf5833fae6349d
SHA1

15e66182eeb30ec6b1b8b37d083108b58e9457e1
SHA256

6f69db9e402c3ced09d2fffff59f5981515853395757dfc131967bd18b3c1689
SHA512

1743c0cfea6f09abbb5370baa2cad9bd3956d3c47c755c8ed4a7c6dd16d7e8df6fae670e60d93a182f97e1593770084a83613b78a6ea45997a2e2fcbb8113bf6
SSDEEP

192:oNQfEMxiPuj8JElIIxshDJ4J9yxWJrAikRhw1Qzf1dovaap0vo9vwvYvMqvUPPRs:/TiPGKiqwa7yXx/3

Score

10^/10

discordrat execution persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMzNDYzOTY4MTUwOTUyMzUyOQ.GKm08B.ABNGZNfi6vtmOyFyLPoQUZtHxEaRDGGRtNo4Ig
server_id
1342605266801131601

Targets

- Target
  
  ClawGameTemp.ps1
- Size
  
  7KB
- MD5
  
  beab656dc763c45a35bf5833fae6349d
- SHA1
  
  15e66182eeb30ec6b1b8b37d083108b58e9457e1
- SHA256
  
  6f69db9e402c3ced09d2fffff59f5981515853395757dfc131967bd18b3c1689
- SHA512
  
  1743c0cfea6f09abbb5370baa2cad9bd3956d3c47c755c8ed4a7c6dd16d7e8df6fae670e60d93a182f97e1593770084a83613b78a6ea45997a2e2fcbb8113bf6
- SSDEEP
  
  192:oNQfEMxiPuj8JElIIxshDJ4J9yxWJrAikRhw1Qzf1dovaap0vo9vwvYvMqvUPPRs:/TiPGKiqwa7yXx/3
Score

10^/10

discordrat execution persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Discordrat family
  discordrat
- Blocklisted process makes network request
- Executes dropped EXE
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discordratexecutionpersistenceratrootkitstealer