discordrat | 202b29183156bc3aa05506335ee845e273399ac0df7a3cd1381655d98fd837ac

Resubmissions

14-02-2024 04:15

14-02-2024 03:44

max time kernel
137s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
14-02-2024 03:44

Target

Client-built.exe
Size

78KB
MD5

45670252e24b2d4110df19c33095506c
SHA1

7ecf07b8abc50761dc2446269fcca6b605fb610d
SHA256

202b29183156bc3aa05506335ee845e273399ac0df7a3cd1381655d98fd837ac
SHA512

30d2ca230410af06b2c456427fe4ccc9370049d3459b3e3443f7128e4c7b477abde5cea5bf2b5002fe553bbd16179e67a75243c3fff9ca8c393bbdd882593ce4
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+BPIC:5Zv5PDwbjNrmAE+RIC

Score

10^/10

Family

discordrat

Attributes

discord_token
MTIwNzE2ODI0NDk2ODg1NzYwMA.GWHBIV.VCe9Udd3Zf1B-7ZEYRvWqI8TtjD08-WUi1CdB8
server_id
993363396110077973

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2400	Client-built.exe

C:\Users\Admin\AppData\Local\Temp\Client-built.exe
"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2400

memory/2400-0-0x0000020904090000-0x00000209040A8000-memory.dmp

Filesize
96KB

Download
memory/2400-1-0x000002091E750000-0x000002091E912000-memory.dmp

Filesize
1.8MB

Download
memory/2400-2-0x00007FFB69A60000-0x00007FFB6A521000-memory.dmp

Filesize
10.8MB

Download
memory/2400-3-0x0000020904500000-0x0000020904510000-memory.dmp

Filesize
64KB

Download
memory/2400-4-0x000002091EF50000-0x000002091F478000-memory.dmp

Filesize
5.2MB

Download
memory/2400-5-0x00007FFB69A60000-0x00007FFB6A521000-memory.dmp

Filesize
10.8MB

Download
memory/2400-6-0x0000020904500000-0x0000020904510000-memory.dmp

Filesize
64KB

Download