discordrat | aae8a9c54ce1f56d2f51f38d7b9d94574a9d5e1200562580b1103dae93996840

Analysis

max time kernel
93s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
26/02/2024, 02:05

Target

864803da1c3444a4cdac68dd53946995.exe
Size

78KB
MD5

864803da1c3444a4cdac68dd53946995
SHA1

687d719f5c323cd57796d9a0e0c78e5a39c10093
SHA256

aae8a9c54ce1f56d2f51f38d7b9d94574a9d5e1200562580b1103dae93996840
SHA512

a71fa39c7e0b281b321ac3f8c7d40f30a290af25b5123cecf37440788541cb39f50d3cdc42c0ee8508f03a231868c951ae12d8bb4b1be2bcab302e00c9e596d9
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+GPIC:5Zv5PDwbjNrmAE+iIC

Score

10^/10

Family

discordrat

Attributes

discord_token
MTIxMDY5NjM2NjQwMjE3OTEyMg.GX1pHC.glgutS1hT_Z_Je3ZUNIwkHPCS7VC2nHdhi-XVs
server_id
1210690491327193200

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4604	864803da1c3444a4cdac68dd53946995.exe

C:\Users\Admin\AppData\Local\Temp\864803da1c3444a4cdac68dd53946995.exe
"C:\Users\Admin\AppData\Local\Temp\864803da1c3444a4cdac68dd53946995.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4604

memory/4604-0-0x0000019DBEF90000-0x0000019DBEFA8000-memory.dmp

Filesize
96KB

Download
memory/4604-1-0x0000019DD9570000-0x0000019DD9732000-memory.dmp

Filesize
1.8MB

Download
memory/4604-3-0x0000019DD9530000-0x0000019DD9540000-memory.dmp

Filesize
64KB

Download
memory/4604-2-0x00007FF9C5120000-0x00007FF9C5BE1000-memory.dmp

Filesize
10.8MB

Download
memory/4604-4-0x0000019DD9D70000-0x0000019DDA298000-memory.dmp

Filesize
5.2MB

Download
memory/4604-5-0x00007FF9C5120000-0x00007FF9C5BE1000-memory.dmp

Filesize
10.8MB

Download
memory/4604-6-0x0000019DD9530000-0x0000019DD9540000-memory.dmp

Filesize
64KB

Download