discordrat | aa97d1fb67f63a24e0baa78822473c5e9d022fdb5a5c462bbc3b851f0b95cb18 | Triage

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
25/02/2024, 09:01

Sharing

Report Analysis Logs

General

Target

Client-built.exe
Size

78KB
MD5

e7d019334282cf299a84948b4afb90ec
SHA1

65d150f7143018fd4a68b7c2ef4afbd6af283afd
SHA256

aa97d1fb67f63a24e0baa78822473c5e9d022fdb5a5c462bbc3b851f0b95cb18
SHA512

c0888195a5343d4f34f836f655c0dfbd13ccb77d9cdf3acc8c7d4a5525c0ed73b68034523a65f9769b57a8cb93bc3d219343bdbb53d69e7b7518af8777fddf2e
SSDEEP

1536:22WjO8XeEXFZ5P7v88wbjNrfxCXhRoKV6+V+TPIC:2Zv5PDwbjNrmAE+LIC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTIxMTA5OTM2NzcyMTc5NTYzNA.GZGI0Z.hugJrn-UEx58lTgO7xHZTjRyFin6gPHdph7_aY
server_id
https://discord.com/oauth2/authorize?client_id=1211099367721795634&permissions=8&scope=bot+applications.commands

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2916 wrote to memory of 2480	2916	Client-built.exe	28
PID 2916 wrote to memory of 2480	2916	Client-built.exe	28
PID 2916 wrote to memory of 2480	2916	Client-built.exe	28

C:\Users\Admin\AppData\Local\Temp\Client-built.exe
"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2916
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2916 -s 596
  2⤵
  PID:2480

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2916-0-0x000000013F0B0000-0x000000013F0C8000-memory.dmp

Filesize
96KB

Download
memory/2916-1-0x000007FEF5C40000-0x000007FEF662C000-memory.dmp

Filesize
9.9MB

Download
memory/2916-2-0x0000000000780000-0x0000000000800000-memory.dmp

Filesize
512KB

Download
memory/2916-3-0x000007FEF5C40000-0x000007FEF662C000-memory.dmp

Filesize
9.9MB

Download