discordrat | d876e20f34b75f1cad501ab067be41d066e09b84fff573c8fdcdd1e3f73fedc0

Analysis

max time kernel
144s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
25/02/2024, 10:39

Target

fun - Kopie.exe
Size

78KB
MD5

c1f49e823d3e4cdf4d5aeefacc97c032
SHA1

11833396697d17678fbc43583e6e517f15377d0a
SHA256

d876e20f34b75f1cad501ab067be41d066e09b84fff573c8fdcdd1e3f73fedc0
SHA512

b3bb4ab1da27e9aa493a3d76888723fc1464881fd3dbbb2183278a541c2c12275257755093feeb276e6ff4921e42c8a7c9e23cfa16008b6e5ad2b79a17fe33dd
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+ePIC:5Zv5PDwbjNrmAE+aIC

Score

10^/10

Family

discordrat

Attributes

discord_token
MTE5OTA2Mjg5NTQ3NzEyOTIyNg.Ga05_V.w5WlWYagp88maYrP36lwsOILewgKNGOwGxTlBo
server_id
1199036898371436675

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	5080	fun - Kopie.exe

C:\Users\Admin\AppData\Local\Temp\fun - Kopie.exe
"C:\Users\Admin\AppData\Local\Temp\fun - Kopie.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5080

memory/5080-0-0x000001DD558D0000-0x000001DD558E8000-memory.dmp

Filesize
96KB

Download
memory/5080-1-0x000001DD70040000-0x000001DD70202000-memory.dmp

Filesize
1.8MB

Download
memory/5080-2-0x00007FFDC3B50000-0x00007FFDC4611000-memory.dmp

Filesize
10.8MB

Download
memory/5080-3-0x000001DD575D0000-0x000001DD575E0000-memory.dmp

Filesize
64KB

Download
memory/5080-4-0x000001DD70840000-0x000001DD70D68000-memory.dmp

Filesize
5.2MB

Download
memory/5080-5-0x00007FFDC3B50000-0x00007FFDC4611000-memory.dmp

Filesize
10.8MB

Download
memory/5080-6-0x000001DD575D0000-0x000001DD575E0000-memory.dmp

Filesize
64KB

Download