discordrat | 9633b40c48dd7c7a5659f5dcc939c943702a31d1a8337a8a4db8656033fc78c5

Analysis

max time kernel
118s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09-04-2024 14:19

Target

Discord rat.exe
Size

78KB
MD5

c1e0a3b794356213d440e51b212d264b
SHA1

416e00db1bfbfbfbec8f8df56da1be904df97835
SHA256

9633b40c48dd7c7a5659f5dcc939c943702a31d1a8337a8a4db8656033fc78c5
SHA512

973db377daa47c70a4ee47f65fc2827a604a532b27bc2870ca5ebff57a3af3ea6b480cd4e2e97c7d374cfa321e2464c6280caab0294595fe8576cbad5b880dd5
SSDEEP

1536:u8BW8DliyHczE6GTX0R2/YVOAn1S7HlbcGiOPUQrNz+k2itbWNDTfx57ZUIPUDye:usW8DliyHczE6GTER2/YVOAn1S7HlbcS

Score

10^/10

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2380 wrote to memory of 2596	2380	Discord rat.exe	28
PID 2380 wrote to memory of 2596	2380	Discord rat.exe	28
PID 2380 wrote to memory of 2596	2380	Discord rat.exe	28

C:\Users\Admin\AppData\Local\Temp\Discord rat.exe
"C:\Users\Admin\AppData\Local\Temp\Discord rat.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2380
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2380 -s 600
  2⤵
  PID:2596

memory/2380-0-0x000000013F2E0000-0x000000013F2F8000-memory.dmp

Filesize
96KB

Download
memory/2380-1-0x000007FEF5ED0000-0x000007FEF68BC000-memory.dmp

Filesize
9.9MB

Download
memory/2380-2-0x0000000000800000-0x0000000000880000-memory.dmp

Filesize
512KB

Download
memory/2380-3-0x000007FEF5ED0000-0x000007FEF68BC000-memory.dmp

Filesize
9.9MB

Download