discordrat | 88d0b715a36832b0e69d30b180dd927800969ab1f0e3b21e584cd8033373dcca | Triage

Resubmissions

31/03/2025, 15:21

250331-srce3svnz4 10

31/03/2025, 15:02

250331-sesarsste1 10

Sharing

General

Target

Client-built.exe
Size

78KB
Sample

250331-sesarsste1
MD5

7943c195a125d0684b7f139d22485d30
SHA1

d8e99c1d9c3fc1b3d54932510e8c15ef35326610
SHA256

88d0b715a36832b0e69d30b180dd927800969ab1f0e3b21e584cd8033373dcca
SHA512

1c563a84162fed409ed9dcd5c76c031ebf03ed0309f554ff7662421412ea213d310dd01fa5e8dfa4256bfe71ca5406d759446006cb13c36b84c974d0b48befff
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+UPIC:5Zv5PDwbjNrmAE+IIC

Score

10^/10

discordrat defense_evasion discovery persistence rat rootkit spyware stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTM1NjI4MTg2NTE3ODMxNjgyMA.GeoxaT.ocqOcSIpXr6UreUuaB7hoXHmcnhfEknTw6-SuE
server_id
1356279473779245056

Targets

- Target
  
  Client-built.exe
- Size
  
  78KB
- MD5
  
  7943c195a125d0684b7f139d22485d30
- SHA1
  
  d8e99c1d9c3fc1b3d54932510e8c15ef35326610
- SHA256
  
  88d0b715a36832b0e69d30b180dd927800969ab1f0e3b21e584cd8033373dcca
- SHA512
  
  1c563a84162fed409ed9dcd5c76c031ebf03ed0309f554ff7662421412ea213d310dd01fa5e8dfa4256bfe71ca5406d759446006cb13c36b84c974d0b48befff
- SSDEEP
  
  1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+UPIC:5Zv5PDwbjNrmAE+IIC
Score

10^/10

discordrat defense_evasion discovery persistence rat rootkit spyware stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Discordrat family
  discordrat
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Downloads MZ/PE file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discordratdefense_evasiondiscoverypersistenceratrootkitspywarestealer