discordrat | 3f45c42ab3a574473116d521a14a11a90b8ace39a29c50198f09d752dd0a0e65 | Triage

Sharing

General

Target

ascoli_calcio.jpg.exe
Size

964KB
Sample

250417-xze86a1qx6
MD5

22c4ee1d05a5dd535701997246118c46
SHA1

96b81a7618eac49f88ab3344df7110c9fae01a9f
SHA256

3f45c42ab3a574473116d521a14a11a90b8ace39a29c50198f09d752dd0a0e65
SHA512

bc87c9b7be3706e537dc2dcf959ed684d72d2597425712fb28cf45c81fb01913c8dc4b88546479a84b8dae3ae97fcfb76c72cf287fa7042dfae77ade9d8a80ef
SSDEEP

24576:muDXTIGaPhEYzUzA0FfRd7gRo+Er86CcVXB/G:JDjlabwz9Ff/7Yo+EAgG

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTM2MTY4MTkxMTk5ODcxNDAwNw.Gdu-jE.evuMbDLIsj01QSbsAvfXEJHfZL2_NIuT9AmzYI
server_id
1358508313515655268

Targets

- Target
  
  ascoli_calcio.jpg.exe
- Size
  
  964KB
- MD5
  
  22c4ee1d05a5dd535701997246118c46
- SHA1
  
  96b81a7618eac49f88ab3344df7110c9fae01a9f
- SHA256
  
  3f45c42ab3a574473116d521a14a11a90b8ace39a29c50198f09d752dd0a0e65
- SHA512
  
  bc87c9b7be3706e537dc2dcf959ed684d72d2597425712fb28cf45c81fb01913c8dc4b88546479a84b8dae3ae97fcfb76c72cf287fa7042dfae77ade9d8a80ef
- SSDEEP
  
  24576:muDXTIGaPhEYzUzA0FfRd7gRo+Er86CcVXB/G:JDjlabwz9Ff/7Yo+EAgG
Score

10^/10

discordrat persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Discordrat family
  discordrat
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discordratpersistenceratrootkitstealer