discordrat | aae8a9c54ce1f56d2f51f38d7b9d94574a9d5e1200562580b1103dae93996840

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26/02/2024, 02:05

Target

864803da1c3444a4cdac68dd53946995.exe
Size

78KB
MD5

864803da1c3444a4cdac68dd53946995
SHA1

687d719f5c323cd57796d9a0e0c78e5a39c10093
SHA256

aae8a9c54ce1f56d2f51f38d7b9d94574a9d5e1200562580b1103dae93996840
SHA512

a71fa39c7e0b281b321ac3f8c7d40f30a290af25b5123cecf37440788541cb39f50d3cdc42c0ee8508f03a231868c951ae12d8bb4b1be2bcab302e00c9e596d9
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+GPIC:5Zv5PDwbjNrmAE+iIC

Score

10^/10

Family

discordrat

Attributes

discord_token
MTIxMDY5NjM2NjQwMjE3OTEyMg.GX1pHC.glgutS1hT_Z_Je3ZUNIwkHPCS7VC2nHdhi-XVs
server_id
1210690491327193200

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2992 wrote to memory of 2616	2992	864803da1c3444a4cdac68dd53946995.exe	28
PID 2992 wrote to memory of 2616	2992	864803da1c3444a4cdac68dd53946995.exe	28
PID 2992 wrote to memory of 2616	2992	864803da1c3444a4cdac68dd53946995.exe	28

C:\Users\Admin\AppData\Local\Temp\864803da1c3444a4cdac68dd53946995.exe
"C:\Users\Admin\AppData\Local\Temp\864803da1c3444a4cdac68dd53946995.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2992
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2992 -s 596
  2⤵
  PID:2616

memory/2992-0-0x000000013FCF0000-0x000000013FD08000-memory.dmp

Filesize
96KB

Download
memory/2992-1-0x000007FEF5DD0000-0x000007FEF67BC000-memory.dmp

Filesize
9.9MB

Download
memory/2992-2-0x000000001B270000-0x000000001B2F0000-memory.dmp

Filesize
512KB

Download
memory/2992-3-0x000007FEF5DD0000-0x000007FEF67BC000-memory.dmp

Filesize
9.9MB

Download
memory/2992-4-0x000000001B270000-0x000000001B2F0000-memory.dmp

Filesize
512KB

Download