discordrat | 795c769ab8644ec57a4a3603aca48e91e42841dd36cfea9cd692e1afa29972d5

Resubmissions

17-04-2024 18:46

240417-xek9nsbh5x 10

16-04-2024 23:32

240416-3jcqzsfe89 10

Analysis

max time kernel
145s
max time network
155s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
16-04-2024 23:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Client-built.exe
Size

156KB
MD5

ac65982422f26dbbecc8ef1ed6eb1191
SHA1

f03c3cbbc1cb4eddb161e223529c81f51c8bdde0
SHA256

795c769ab8644ec57a4a3603aca48e91e42841dd36cfea9cd692e1afa29972d5
SHA512

e8aa0fddf4e310038e6068b4b16e5a170284b0e64987e387421fb28050e36d9a5802f2f8c9a95eb5b463b16429718c1d574ec1997894a4ee64fa49fdee47fb56
SSDEEP

3072:ZZv5PDwbjNrmAE+CIZPXQL14x8rVlq+hQCS895:/v5PDwbBruIVXwNQCR

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTIyOTkzMzQ1Njc2NzU4NjMxNQ.GA8lvX.p2sO85UW28jqHfp9V6UnNZYpTZjcyonJ3PZ21I
server_id
1211176359427313724

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2516240262-2296879883-3965305654-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1932	Client-built.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2216	MiniSearchHost.exe

C:\Users\Admin\AppData\Local\Temp\Client-built.exe
"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1932

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2216

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
0c943d5807f66fd05eaf54b70460b716

SHA1
8742f203c9f67681f02d957ead58b8911972d2bc

SHA256
0e925d935f62bf4b3fdced56bd3a66347f1fd2f5d75bc4b3a6fc5c5c74dd6fd8

SHA512
d23b577fa223237bad7c08b19a333780f24c942e70bb1c6800bfd97cfd6fef24af547b5d9392e149ddd5bbd151f0d1c4c1f31191aaf2dcb4aa7e1f17c9eabd37

Download Submit
memory/1932-0-0x000001E1AD6F0000-0x000001E1AD71A000-memory.dmp

Filesize
168KB

Download
memory/1932-1-0x000001E1C7D10000-0x000001E1C7ED2000-memory.dmp

Filesize
1.8MB

Download
memory/1932-2-0x00007FFE35BC0000-0x00007FFE36682000-memory.dmp

Filesize
10.8MB

Download
memory/1932-3-0x000001E1C7C60000-0x000001E1C7C70000-memory.dmp

Filesize
64KB

Download
memory/1932-4-0x000001E1C92E0000-0x000001E1C9808000-memory.dmp

Filesize
5.2MB

Download
memory/1932-12-0x00007FFE35BC0000-0x00007FFE36682000-memory.dmp

Filesize
10.8MB

Download
memory/1932-13-0x000001E1C7C60000-0x000001E1C7C70000-memory.dmp

Filesize
64KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads