discordrat | 60728dff05c95a07e870ff5db3e7c509e2a83c7606d9cedd465e3556eb801a00

Analysis

max time kernel
1561s
max time network
1562s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24/02/2024, 20:35

Target

AmongUsMenu.exe
Size

217KB
MD5

e3cf82e6ef4d500a5b4bb3d0c9ba2e6e
SHA1

968952165941e4ae6242b77c52ff4529a7763468
SHA256

60728dff05c95a07e870ff5db3e7c509e2a83c7606d9cedd465e3556eb801a00
SHA512

190da0cc9499d87ef615e6b36f614df240a3e86d3bfb6ea2952ee407e0a45a2878bd35d2ce09223372bd3644fddd2929378a034db3eb6d5163e43d8e3806b6fe
SSDEEP

3072:QZv5PDwbjNrmAE+0IIpZ4RDlzKNpjAMt+lgJIft3AXsV+gE6+ui+NH9QlR:kv5PDwbBrwIIpNpjP+QZ6+uLN9

Score

10^/10

Family

discordrat

Attributes

discord_token
MTE4ODgxNjUwNzA0MDQ0MDM2Mg.Gssdgm.Y-c4vKU30hG0gZbFd7kORZFoNCjnRRZbRdGrJ8
server_id
1188815612844191764

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1196 wrote to memory of 2096	1196	AmongUsMenu.exe	28
PID 1196 wrote to memory of 2096	1196	AmongUsMenu.exe	28
PID 1196 wrote to memory of 2096	1196	AmongUsMenu.exe	28

C:\Users\Admin\AppData\Local\Temp\AmongUsMenu.exe
"C:\Users\Admin\AppData\Local\Temp\AmongUsMenu.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1196
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1196 -s 596
  2⤵
  PID:2096

memory/1196-0-0x000000013F0B0000-0x000000013F0EA000-memory.dmp

Filesize
232KB

Download
memory/1196-1-0x000007FEF5870000-0x000007FEF625C000-memory.dmp

Filesize
9.9MB

Download
memory/1196-2-0x000000001BAE0000-0x000000001BB60000-memory.dmp

Filesize
512KB

Download
memory/1196-3-0x000007FEF5870000-0x000007FEF625C000-memory.dmp

Filesize
9.9MB

Download
memory/1196-4-0x000000001BAE0000-0x000000001BB60000-memory.dmp

Filesize
512KB

Download