discordrat | 61bf28a874a46775933565e0de66dff720ff28b94332c75b7fb7889d6d74c888

Analysis

max time kernel
29s
max time network
143s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
08-03-2024 00:12

Target

fr4ud doxxing tools.exe
Size

78KB
MD5

5b3689d3dbdb02f217ef687b165ad014
SHA1

ef7cbf843ecc5a75290e7d5f6d0e983a1aab7bce
SHA256

61bf28a874a46775933565e0de66dff720ff28b94332c75b7fb7889d6d74c888
SHA512

f10ccd1878d8dd5c8f4b48767a7ce667e9bc8f55d9b3e6147d1949a4b28e3386c856469bb23fe98067b9cfbae916d247131c6ad923c139672ffe16fa31b86ee9
SSDEEP

1536:Z2WjO8XeEXFx5P7v88wbjNrfxCXhRoKV6+V+iPIC:ZZ/5PDwbjNrmAE+OIC

Score

10^/10

Family

discordrat

Attributes

discord_token
MTIwODM2NjY5MzkyNDIwODY0MA.Gjnp7J.LdQ5zf6Oy_KRcdcoR95-sZlPYAc8x7UViOVNpw
server_id
https://discord.gg/Dm9UZDZG

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4908	fr4ud doxxing tools.exe

C:\Users\Admin\AppData\Local\Temp\fr4ud doxxing tools.exe
"C:\Users\Admin\AppData\Local\Temp\fr4ud doxxing tools.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4908

memory/4908-0-0x000001E11E610000-0x000001E11E628000-memory.dmp

Filesize
96KB

Download
memory/4908-1-0x000001E138CF0000-0x000001E138EB2000-memory.dmp

Filesize
1.8MB

Download
memory/4908-2-0x00007FFF50910000-0x00007FFF513D2000-memory.dmp

Filesize
10.8MB

Download
memory/4908-3-0x000001E1390B0000-0x000001E1390C0000-memory.dmp

Filesize
64KB

Download
memory/4908-4-0x000001E13A270000-0x000001E13A798000-memory.dmp

Filesize
5.2MB

Download
memory/4908-5-0x00007FFF50910000-0x00007FFF513D2000-memory.dmp

Filesize
10.8MB

Download
memory/4908-6-0x000001E1390B0000-0x000001E1390C0000-memory.dmp

Filesize
64KB

Download