Analysis
max time kernel: 120s
max time network: 121s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 13-03-2024 01:13
Behavioral task: behavioral1
Sample: 28bc9d7b03c0193c8e39356a3918c283.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 28bc9d7b03c0193c8e39356a3918c283.exe
Resource: win10v2004-20240226-en
General
Target: 28bc9d7b03c0193c8e39356a3918c283.exe
Size: 78KB
MD5: 28bc9d7b03c0193c8e39356a3918c283
SHA1: aa8a0449e50ab88b7581d030dae27656d3ce750a
SHA256: e45f355a20da8f62a76ecfe9c4a8bf771a758da2a94e5f21b3f40fdf4e495577
SHA512: 17249d646e8b890fd2472b5b71637286fbf3d9d8e989b3b0bd8c4d8aa3358bc55dd8bcb7949a85f6f6a218bca0e079c967115715f1457e867c3ebec20b78a8d4
SSDEEP: 1536:h2WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V++PId:hZv5PDwbjNrmAE+6Id
Malware Config
Extracted: discordrat
discord_token: MTA1NTYxMjI2MTEwMTc0ODI3NA.Gga7En.nff0UktfNY9-rOMpPI8K8TtWuYMsw82Ms30hDY
server_id: 1206669799229489283
Signatures
Discord RAT: A RAT written in C# using Discord as a C2.
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: 28bc9d7b03c0193c8e39356a3918c283.exe
description | pid | process | target process
PID 1288 wrote to memory of 1728 | 1288 | 28bc9d7b03c0193c8e39356a3918c283.exe | WerFault.exe
PID 1288 wrote to memory of 1728 | 1288 | 28bc9d7b03c0193c8e39356a3918c283.exe | WerFault.exe
PID 1288 wrote to memory of 1728 | 1288 | 28bc9d7b03c0193c8e39356a3918c283.exe | WerFault.exe
Processes
C:\Users\Admin\AppData\Local\Temp\28bc9d7b03c0193c8e39356a3918c283.exe
  "C:\Users\Admin\AppData\Local\Temp\28bc9d7b03c0193c8e39356a3918c283.exe"
  - Suspicious use of WriteProcessMemory
  PID: 1288
  C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 1288 -s 596
    PID: 1728