discordrat | c0fcf99f2c833215a2b1a66a119d73e043683c9ad107bff7038f305594b4008c | Triage

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25/02/2024, 10:39

Sharing

Report Analysis Logs

General

Target

ratware 1v1.lol.exe
Size

78KB
MD5

36fda3dfca252d1a2eede45435dbe015
SHA1

32a97853079620d221cfadd007707e116f4dbf35
SHA256

c0fcf99f2c833215a2b1a66a119d73e043683c9ad107bff7038f305594b4008c
SHA512

7d1c828e2dff72f073492b6a8f575838d5bdb94e34876dc719cec0399b376e8eb93be8880d8e72ad3720d623e61fe334d2f41fea18158b4715aa20feba07324b
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+hPIC:5Zv5PDwbjNrmAE+xIC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTIxMTA5OTM2NzcyMTc5NTYzNA.GHfpUM.k-srYEtwFJOPdq2T5Hkgb9Ti2uK3v0ri2pP6SM
server_id
1211092147235987486

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2492 wrote to memory of 364	2492	ratware 1v1.lol.exe	28
PID 2492 wrote to memory of 364	2492	ratware 1v1.lol.exe	28
PID 2492 wrote to memory of 364	2492	ratware 1v1.lol.exe	28

C:\Users\Admin\AppData\Local\Temp\ratware 1v1.lol.exe
"C:\Users\Admin\AppData\Local\Temp\ratware 1v1.lol.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2492
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2492 -s 596
  2⤵
  PID:364

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2492-0-0x000000013F4D0000-0x000000013F4E8000-memory.dmp

Filesize
96KB

Download
memory/2492-1-0x000007FEF5A10000-0x000007FEF63FC000-memory.dmp

Filesize
9.9MB

Download
memory/2492-2-0x000000001BB70000-0x000000001BBF0000-memory.dmp

Filesize
512KB

Download
memory/2492-3-0x000007FEF5A10000-0x000007FEF63FC000-memory.dmp

Filesize
9.9MB

Download