discordrat | 6eceff2bd7be35836876d253b02bf31e9769fab72ce5764a4171407339c8c929 | Triage

Sharing

General

Target

6f69db9e402c3ced09d2fffff59f5981515853395757dfc131967bd18b3c1689.zip
Size

2KB
Sample

250224-alv15ayjhm
MD5

1c4c92ff2af49fe610e7ce84a9ce70ec
SHA1

31f4592dff771a24e9cfb15af4e86c7140edff26
SHA256

6eceff2bd7be35836876d253b02bf31e9769fab72ce5764a4171407339c8c929
SHA512

f2e1a7314f3f6e3f7a9a2fd7d6e38c1ced4f57af00c6cd715a2473cfc266cbd00ac6924ee68acfaf4215430a7ba708dad101e3da582d39d0184d2bbd909a1788

Score

10^/10

discordrat execution persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMzNDYzOTY4MTUwOTUyMzUyOQ.GKm08B.ABNGZNfi6vtmOyFyLPoQUZtHxEaRDGGRtNo4Ig
server_id
1342605266801131601

Targets

- Target
  
  6f69db9e402c3ced09d2fffff59f5981515853395757dfc131967bd18b3c1689.ps1
- Size
  
  7KB
- MD5
  
  beab656dc763c45a35bf5833fae6349d
- SHA1
  
  15e66182eeb30ec6b1b8b37d083108b58e9457e1
- SHA256
  
  6f69db9e402c3ced09d2fffff59f5981515853395757dfc131967bd18b3c1689
- SHA512
  
  1743c0cfea6f09abbb5370baa2cad9bd3956d3c47c755c8ed4a7c6dd16d7e8df6fae670e60d93a182f97e1593770084a83613b78a6ea45997a2e2fcbb8113bf6
- SSDEEP
  
  192:oNQfEMxiPuj8JElIIxshDJ4J9yxWJrAikRhw1Qzf1dovaap0vo9vwvYvMqvUPPRs:/TiPGKiqwa7yXx/3
Score

10^/10

discordrat execution persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Discordrat family
  discordrat
- Blocklisted process makes network request
- Executes dropped EXE
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discordratexecutionpersistenceratrootkitstealer