Overview

overview

10

Static

static

10

82f4f8c08a...e6.exe

windows7-x64

10

82f4f8c08a...e6.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    145s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/02/2024, 02:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    82f4f8c08a0620fa1d65a5c716d1f1e6.exe

  • Size

    78KB

  • MD5

    82f4f8c08a0620fa1d65a5c716d1f1e6

  • SHA1

    d4c8d076f1506bb33f13d45ed48a309c6ab26691

  • SHA256

    38b827612364773dc9164f4180a42ed8bdf59d50b9cf468aaff78f99b255e7c8

  • SHA512

    8aa41935bdf92d79e70c4718fe357df7ed671e8fa39b736f82d2a5bf4038988ee1e1dd30185144715c7cc7f7be8cb18267688489a2740912b3e2b8d8fd1cc33a

  • SSDEEP

    1536:d2WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+oPId+FH:dZv5PDwbjNrmAE+sId+FH

Score
10/10
discordratpersistenceratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTIwNjYzMDA2MDg1NDA4MzYzNA.GnAKOm.aUFPbQ5wpHpCmFv1PuEPHDS_5vEXWahfzJpRe8

  • server_id

    1206629234835988481

Signatures

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\82f4f8c08a0620fa1d65a5c716d1f1e6.exe
    "C:\Users\Admin\AppData\Local\Temp\82f4f8c08a0620fa1d65a5c716d1f1e6.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4308

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4308-0-0x0000025AB3D70000-0x0000025AB3D88000-memory.dmp

    Filesize

    96KB

    Download

  • memory/4308-1-0x0000025ACE430000-0x0000025ACE5F2000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/4308-2-0x00007FFE26E70000-0x00007FFE27931000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4308-3-0x0000025ACE420000-0x0000025ACE430000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4308-4-0x0000025ACEC30000-0x0000025ACF158000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/4308-5-0x00007FFE26E70000-0x00007FFE27931000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4308-6-0x0000025ACE420000-0x0000025ACE430000-memory.dmp

    Filesize

    64KB

    Download