discordrat | 60728dff05c95a07e870ff5db3e7c509e2a83c7606d9cedd465e3556eb801a00

Resubmissions

24-02-2024 20:02

24-02-2024 20:01

24-02-2024 19:56

max time kernel
454s
max time network
456s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
24-02-2024 20:01

Target

PSC-PaySafeCard Generator.exe
Size

217KB
MD5

e3cf82e6ef4d500a5b4bb3d0c9ba2e6e
SHA1

968952165941e4ae6242b77c52ff4529a7763468
SHA256

60728dff05c95a07e870ff5db3e7c509e2a83c7606d9cedd465e3556eb801a00
SHA512

190da0cc9499d87ef615e6b36f614df240a3e86d3bfb6ea2952ee407e0a45a2878bd35d2ce09223372bd3644fddd2929378a034db3eb6d5163e43d8e3806b6fe
SSDEEP

3072:QZv5PDwbjNrmAE+0IIpZ4RDlzKNpjAMt+lgJIft3AXsV+gE6+ui+NH9QlR:kv5PDwbBrwIIpNpjP+QZ6+uLN9

Score

10^/10

Family

discordrat

Attributes

discord_token
MTE4ODgxNjUwNzA0MDQ0MDM2Mg.Gssdgm.Y-c4vKU30hG0gZbFd7kORZFoNCjnRRZbRdGrJ8
server_id
1188815612844191764

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3624	PSC-PaySafeCard Generator.exe

C:\Users\Admin\AppData\Local\Temp\PSC-PaySafeCard Generator.exe
"C:\Users\Admin\AppData\Local\Temp\PSC-PaySafeCard Generator.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3624

memory/3624-0-0x000001674C120000-0x000001674C15A000-memory.dmp

Filesize
232KB

Download
memory/3624-1-0x0000016766830000-0x00000167669F2000-memory.dmp

Filesize
1.8MB

Download
memory/3624-2-0x00007FF99CFD0000-0x00007FF99DA92000-memory.dmp

Filesize
10.8MB

Download
memory/3624-3-0x00000167667D0000-0x00000167667E0000-memory.dmp

Filesize
64KB

Download
memory/3624-4-0x0000016768730000-0x0000016768C58000-memory.dmp

Filesize
5.2MB

Download
memory/3624-5-0x00007FF99CFD0000-0x00007FF99DA92000-memory.dmp

Filesize
10.8MB

Download
memory/3624-6-0x00000167667D0000-0x00000167667E0000-memory.dmp

Filesize
64KB

Download