Overview

overview

10

Static

static

10

Client-built.exe

windows7-x64

10

Client-built.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Client-built.exe

  • Size

    78KB

  • Sample

    250328-16t8fasvgs

  • MD5

    6ab9c1eda7daf07dca994f5f6394d33a

  • SHA1

    0f3e3275c7738c28650233cfdefd58a75bc3148b

  • SHA256

    45f4ce529bfdf2ea1d1fc70f5a2737a9d2977172930c5570c56e9dbc44b6b391

  • SHA512

    e65f8611364cc2fb93f4d55828be33251bf150448eea073c8437396e4d22ea58c47c1f46a03742d063a8e0aa59f6454eaf9c20c76057811dd4506be4e9dc4c18

  • SSDEEP

    1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+APIC:5Zv5PDwbjNrmAE+kIC

Score
10/10
discordratpersistenceratrootkitspywarestealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTMwMTU4MzM1NDcxNzY2NzQxOQ.GE07zS.Z10SUgnyFbaVbeOcOiJUNXKaDOhU6MKfgqOx8Q

  • server_id

    1335294781940830239

Targets

    • Target

      Client-built.exe

    • Size

      78KB

    • MD5

      6ab9c1eda7daf07dca994f5f6394d33a

    • SHA1

      0f3e3275c7738c28650233cfdefd58a75bc3148b

    • SHA256

      45f4ce529bfdf2ea1d1fc70f5a2737a9d2977172930c5570c56e9dbc44b6b391

    • SHA512

      e65f8611364cc2fb93f4d55828be33251bf150448eea073c8437396e4d22ea58c47c1f46a03742d063a8e0aa59f6454eaf9c20c76057811dd4506be4e9dc4c18

    • SSDEEP

      1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+APIC:5Zv5PDwbjNrmAE+kIC

    Score
    10/10
    discordratpersistenceratrootkitstealerspyware

    • Discord RAT

      A RAT written in C# using Discord as a C2.

      stealerrootkitratpersistencediscordrat

    • Discordrat family

      discordrat

    • Downloads MZ/PE file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks