discordrat | 5b8271ad734987abb76bc62fbcc32f271333b56f3d18aad1daf0c15994ca799c

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
03-04-2024 01:04

Target

crack hx.exe
Size

78KB
MD5

17699e59c4833aef914f387b341c8a5c
SHA1

64244717232356ffdb3be2c66e7d0baaaa48e076
SHA256

5b8271ad734987abb76bc62fbcc32f271333b56f3d18aad1daf0c15994ca799c
SHA512

d44ea8b7dd24cc915b3424cf84cfe45dc6ec07449856e4e6202a8b4fbf6451a58c47efd938ff65053f904ab292f8f0e129b70ea8c0319ed0fca85e5ada84bc30
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+jPIC:5Zv5PDwbjNrmAE+7IC

Score

10^/10

Family

discordrat

Attributes

discord_token
MTIwMzQ2NzM1NjQ0MjA3NTIwNg.GRBQTc.Z-71_qp27BcmJ3PM4vJ2xw62CJJiX5WZkqr4Ic
server_id
1203387593627144203

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2248 wrote to memory of 2588	2248	crack hx.exe	28
PID 2248 wrote to memory of 2588	2248	crack hx.exe	28
PID 2248 wrote to memory of 2588	2248	crack hx.exe	28

C:\Users\Admin\AppData\Local\Temp\crack hx.exe
"C:\Users\Admin\AppData\Local\Temp\crack hx.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2248
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2248 -s 600
  2⤵
  PID:2588

memory/2248-0-0x000000013FE30000-0x000000013FE48000-memory.dmp

Filesize
96KB

Download
memory/2248-1-0x000007FEF5720000-0x000007FEF610C000-memory.dmp

Filesize
9.9MB

Download
memory/2248-2-0x0000000002490000-0x0000000002510000-memory.dmp

Filesize
512KB

Download
memory/2248-3-0x000007FEF5720000-0x000007FEF610C000-memory.dmp

Filesize
9.9MB

Download
memory/2248-4-0x0000000002490000-0x0000000002510000-memory.dmp

Filesize
512KB

Download