discordrat | 2334a4519ae1aa064e12b6484e5ba9e1e16063441be92420d2077f9acf0f04a3

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10-04-2024 19:06

Target

injector.exe
Size

78KB
MD5

997bc4ce7d58191913f386b62737e547
SHA1

532ec6e768f92ba470673cd24f55458ca7104774
SHA256

2334a4519ae1aa064e12b6484e5ba9e1e16063441be92420d2077f9acf0f04a3
SHA512

1bdb5aa42f44ec2a9395621c7e0ea09784da8a503a6576236c82e12a36a74186104b857d400256c0122e86c000c476f0fa96379ea6ba119689979beae93867f2
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+OPIC:5Zv5PDwbjNrmAE+qIC

Score

10^/10

Family

discordrat

Attributes

discord_token
MTIyNDA2MTAzMzQ4OTEwOTE0Mw.GG6OsM.gvmNCjFemn-m8sco5tZiTQhOWazT7Mq5aDarj8
server_id
1227693529006997554

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2960 wrote to memory of 2200	2960	injector.exe	28
PID 2960 wrote to memory of 2200	2960	injector.exe	28
PID 2960 wrote to memory of 2200	2960	injector.exe	28

C:\Users\Admin\AppData\Local\Temp\injector.exe
"C:\Users\Admin\AppData\Local\Temp\injector.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2960
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2960 -s 596
  2⤵
  PID:2200

memory/2960-0-0x000000013F870000-0x000000013F888000-memory.dmp

Filesize
96KB

Download
memory/2960-1-0x000007FEF5EE0000-0x000007FEF68CC000-memory.dmp

Filesize
9.9MB

Download
memory/2960-2-0x000000001B980000-0x000000001BA00000-memory.dmp

Filesize
512KB

Download
memory/2960-3-0x000007FEF5EE0000-0x000007FEF68CC000-memory.dmp

Filesize
9.9MB

Download
memory/2960-4-0x000000001B980000-0x000000001BA00000-memory.dmp

Filesize
512KB

Download