Overview

overview

10

Static

static

10

rat.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    60s
  • max time network
    63s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03-04-2024 02:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    rat.exe

  • Size

    78KB

  • MD5

    929dc19d792e6204fe1d87084ca7a836

  • SHA1

    99a3a2d27435cbfad1d50c00888036fb49d2b9ec

  • SHA256

    8eb155bda4d7820de37b140ab3403cfe36be6622bd27530a6cb0c9bf71f904d4

  • SHA512

    274b9c00b1a25fb80383c860104cec1cab492d574da20a2a6c81acd049eb60484631bddeb2606b76f27e07f58d99294870bf379b1f882fa9faca60ee5069d44b

  • SSDEEP

    1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+gkPIC:5Zv5PDwbjNrmAE+g4IC

Score
10/10
discordratpersistenceratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTIxNjg5Mjc5MTQzNTY5MDA5NQ.G5lyNq.oRJxffFkpBd4E5YlrlJKZ2T70_OiHpc_3SNPso

  • server_id

    1216875388765077634

Signatures

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\rat.exe
    "C:\Users\Admin\AppData\Local\Temp\rat.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4740
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
    1⤵
      PID:1792
    • C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe -k UnistackSvcGroup
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:4276
    • C:\Windows\System32\SystemSettingsBroker.exe
      C:\Windows\System32\SystemSettingsBroker.exe -Embedding
      1⤵
        PID:2348

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm
        Filesize

        16KB

        MD5

        4029c3c9d28652e78fb0855a970d0145

        SHA1

        f2352e217366f430b07f00d88e1d79486f48468f

        SHA256

        5f9b8594ce3a6011d2938d8a187c87f221edbbfd49fd241daafcf5c29780dccd

        SHA512

        81605194dfc010ae93795182f5136baec9e4f83d08fa2d26f17eaa46be2753e535ba018c88c313d0929cbd964a04e6dda10baaa4a39d1144c8c7c674e8e7193e

        Download Submit

      • memory/4276-44-0x000002455ED50000-0x000002455ED51000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4276-56-0x000002455E960000-0x000002455E961000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4276-45-0x000002455ED50000-0x000002455ED51000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4276-75-0x000002455EBC0000-0x000002455EBC1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4276-46-0x000002455ED50000-0x000002455ED51000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4276-74-0x000002455EAB0000-0x000002455EAB1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4276-7-0x0000024556640000-0x0000024556650000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4276-23-0x0000024556740000-0x0000024556750000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4276-39-0x000002455ED20000-0x000002455ED21000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4276-40-0x000002455ED50000-0x000002455ED51000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4276-41-0x000002455ED50000-0x000002455ED51000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4276-47-0x000002455ED50000-0x000002455ED51000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4276-43-0x000002455ED50000-0x000002455ED51000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4276-73-0x000002455EAB0000-0x000002455EAB1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4276-71-0x000002455EAA0000-0x000002455EAA1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4276-59-0x000002455E8A0000-0x000002455E8A1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4276-42-0x000002455ED50000-0x000002455ED51000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4276-48-0x000002455ED50000-0x000002455ED51000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4276-49-0x000002455ED50000-0x000002455ED51000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4276-50-0x000002455E970000-0x000002455E971000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4276-51-0x000002455E960000-0x000002455E961000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4276-53-0x000002455E970000-0x000002455E971000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4740-3-0x0000019592180000-0x0000019592190000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4740-5-0x00007FFD8E4E0000-0x00007FFD8EFA1000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/4740-1-0x00000195AA8A0000-0x00000195AAA62000-memory.dmp

        Filesize

        1.8MB

        Download

      • memory/4740-2-0x00007FFD8E4E0000-0x00007FFD8EFA1000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/4740-0-0x0000019590280000-0x0000019590298000-memory.dmp

        Filesize

        96KB

        Download

      • memory/4740-6-0x0000019592180000-0x0000019592190000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4740-4-0x00000195AB0A0000-0x00000195AB5C8000-memory.dmp

        Filesize

        5.2MB

        Download