Analysis
- max time kernel: 16s
- max time network: 17s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system
- submitted: 12-02-2024 02:31
Behavioral task: behavioral1
- Sample: dis.exe
- Resource: win7-20231215-en, windows7-x64
- 2 signatures
- 150 seconds
Behavioral task: behavioral2
- Sample: dis.exe
- Resource: win10v2004-20231222-en, windows10-2004-x64
- 2 signatures
- 150 seconds
General
- Target: dis.exe
- Size: 78KB
- MD5: b6310ca2c49b28fbac28fef7a0877d18
- SHA1: 8451bac38ac99353f658e7b0042fe653d4292da0
- SHA256: f895e12abca5b1c4bbd96166ff1900b55e6fb2537b664b39bb140628531e8f65
- SHA512: ba01e5f1295552a78b0ce58f25f4019a1d374918ab6a187cd07c2715a965a1a0c6a71b22a39d52ad20efeda0fc5c790a5afd64ff648f77b0538219c6e0d42e6c
- SSDEEP: 1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+sPIC:5Zv5PDwbjNrmAE+AIC
Score: 10/10
Malware Config
Extracted
Family: discordrat
Attributes
- discord_token: MTE5ODg5OTYxNjc0MjEyNTYxOQ.GnQUlc.09G3jOrvsBUkj3tHkQPTbGic1sDnwN7xUFlV3o
- server_id: 1201324675507171409
Signatures
- Discord RAT
  A RAT written in C# using Discord as a C2.
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 1928 wrote to memory of 1892 | 1928 | dis.exe | 28
  PID 1928 wrote to memory of 1892 | 1928 | dis.exe | 28
  PID 1928 wrote to memory of 1892 | 1928 | dis.exe | 28