discordrat | f5c01bceb79437333a7fcee8c7eb537f0d165d22626815fd45cc6721895e17f8

Analysis

max time kernel
36s
max time network
39s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
16-04-2024 17:45

Target

FunnyDoxTool.exe
Size

78KB
MD5

d0b858303947d101e8b9a57c343d71ff
SHA1

17c34168cc66dd98722a9d8c775e1323271e9488
SHA256

f5c01bceb79437333a7fcee8c7eb537f0d165d22626815fd45cc6721895e17f8
SHA512

8a309d3c63ed8ac01096e31d8676abc6515352ff0411df453a754c2f5c73c17e0e144b1aaefae289adf21f1cbaecfcadb965df848424c0f40c7cc7bd5f707532
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+XPIC:5Zv5PDwbjNrmAE+fIC

Score

10^/10

Family

discordrat

Attributes

discord_token
MTIyMjY1ODg0NzM1NzkyNzQzNQ.G46owp.2JEzFsoF0sNveJ3Ig7Q_yTdVD59ktO7ZBNMdzw
server_id
1211370597838487562

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Suspicious use of AdjustPrivilegeToken 3 IoCs

C:\Users\Admin\AppData\Local\Temp\FunnyDoxTool.exe
"C:\Users\Admin\AppData\Local\Temp\FunnyDoxTool.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4704

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4464

C:\Users\Admin\AppData\Local\Temp\FunnyDoxTool.exe
"C:\Users\Admin\AppData\Local\Temp\FunnyDoxTool.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4888

C:\Users\Admin\AppData\Local\Temp\FunnyDoxTool.exe
"C:\Users\Admin\AppData\Local\Temp\FunnyDoxTool.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3496

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\GYXYZBUQ-20240412-1149.log
1⤵
PID:3624

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\GYXYZBUQ-20240412-1149a.log
1⤵
PID:3328

memory/3496-7-0x00007FF9F6EF0000-0x00007FF9F79B1000-memory.dmp

Filesize
10.8MB

Download
memory/3496-13-0x00007FF9F6EF0000-0x00007FF9F79B1000-memory.dmp

Filesize
10.8MB

Download
memory/3496-9-0x0000018CC10B0000-0x0000018CC10C0000-memory.dmp

Filesize
64KB

Download
memory/4704-3-0x000002CD74C80000-0x000002CD74C90000-memory.dmp

Filesize
64KB

Download
memory/4704-4-0x000002CD756C0000-0x000002CD75BE8000-memory.dmp

Filesize
5.2MB

Download
memory/4704-0-0x000002CD5A720000-0x000002CD5A738000-memory.dmp

Filesize
96KB

Download
memory/4704-8-0x00007FF9F6EF0000-0x00007FF9F79B1000-memory.dmp

Filesize
10.8MB

Download
memory/4704-2-0x00007FF9F6EF0000-0x00007FF9F79B1000-memory.dmp

Filesize
10.8MB

Download
memory/4704-10-0x000002CD74C80000-0x000002CD74C90000-memory.dmp

Filesize
64KB

Download
memory/4704-1-0x000002CD74D80000-0x000002CD74F42000-memory.dmp

Filesize
1.8MB

Download
memory/4888-5-0x00007FF9F6EF0000-0x00007FF9F79B1000-memory.dmp

Filesize
10.8MB

Download
memory/4888-6-0x0000025C308D0000-0x0000025C308E0000-memory.dmp

Filesize
64KB

Download
memory/4888-11-0x00007FF9F6EF0000-0x00007FF9F79B1000-memory.dmp

Filesize
10.8MB

Download
memory/4888-12-0x0000025C308D0000-0x0000025C308E0000-memory.dmp

Filesize
64KB

Download