discordrat | 38b827612364773dc9164f4180a42ed8bdf59d50b9cf468aaff78f99b255e7c8

Analysis

max time kernel
120s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25/02/2024, 02:19

Target

82f4f8c08a0620fa1d65a5c716d1f1e6.exe
Size

78KB
MD5

82f4f8c08a0620fa1d65a5c716d1f1e6
SHA1

d4c8d076f1506bb33f13d45ed48a309c6ab26691
SHA256

38b827612364773dc9164f4180a42ed8bdf59d50b9cf468aaff78f99b255e7c8
SHA512

8aa41935bdf92d79e70c4718fe357df7ed671e8fa39b736f82d2a5bf4038988ee1e1dd30185144715c7cc7f7be8cb18267688489a2740912b3e2b8d8fd1cc33a
SSDEEP

1536:d2WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+oPId+FH:dZv5PDwbjNrmAE+sId+FH

Score

10^/10

Family

discordrat

Attributes

discord_token
MTIwNjYzMDA2MDg1NDA4MzYzNA.GnAKOm.aUFPbQ5wpHpCmFv1PuEPHDS_5vEXWahfzJpRe8
server_id
1206629234835988481

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2036 wrote to memory of 2480	2036	82f4f8c08a0620fa1d65a5c716d1f1e6.exe	28
PID 2036 wrote to memory of 2480	2036	82f4f8c08a0620fa1d65a5c716d1f1e6.exe	28
PID 2036 wrote to memory of 2480	2036	82f4f8c08a0620fa1d65a5c716d1f1e6.exe	28

C:\Users\Admin\AppData\Local\Temp\82f4f8c08a0620fa1d65a5c716d1f1e6.exe
"C:\Users\Admin\AppData\Local\Temp\82f4f8c08a0620fa1d65a5c716d1f1e6.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2036
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2036 -s 596
  2⤵
  PID:2480

memory/2036-0-0x000000013FC20000-0x000000013FC38000-memory.dmp

Filesize
96KB

Download
memory/2036-1-0x000007FEF5C40000-0x000007FEF662C000-memory.dmp

Filesize
9.9MB

Download
memory/2036-2-0x0000000000880000-0x0000000000900000-memory.dmp

Filesize
512KB

Download
memory/2036-3-0x000007FEF5C40000-0x000007FEF662C000-memory.dmp

Filesize
9.9MB

Download