discordrat | 795c769ab8644ec57a4a3603aca48e91e42841dd36cfea9cd692e1afa29972d5

Resubmissions

17-04-2024 18:46

16-04-2024 23:32

max time kernel
1s
max time network
5s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
17-04-2024 18:46

Target

Client-built.exe
Size

156KB
MD5

ac65982422f26dbbecc8ef1ed6eb1191
SHA1

f03c3cbbc1cb4eddb161e223529c81f51c8bdde0
SHA256

795c769ab8644ec57a4a3603aca48e91e42841dd36cfea9cd692e1afa29972d5
SHA512

e8aa0fddf4e310038e6068b4b16e5a170284b0e64987e387421fb28050e36d9a5802f2f8c9a95eb5b463b16429718c1d574ec1997894a4ee64fa49fdee47fb56
SSDEEP

3072:ZZv5PDwbjNrmAE+CIZPXQL14x8rVlq+hQCS895:/v5PDwbBruIVXwNQCR

Score

10^/10

Family

discordrat

Attributes

discord_token
MTIyOTkzMzQ1Njc2NzU4NjMxNQ.GA8lvX.p2sO85UW28jqHfp9V6UnNZYpTZjcyonJ3PZ21I
server_id
1211176359427313724

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3924	Client-built.exe

C:\Users\Admin\AppData\Local\Temp\Client-built.exe
"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3924

memory/3924-0-0x0000026A2E900000-0x0000026A2E92A000-memory.dmp

Filesize
168KB

Download
memory/3924-1-0x0000026A49110000-0x0000026A492D2000-memory.dmp

Filesize
1.8MB

Download
memory/3924-2-0x00007FFDAECC0000-0x00007FFDAF782000-memory.dmp

Filesize
10.8MB

Download
memory/3924-3-0x0000026A49080000-0x0000026A49090000-memory.dmp

Filesize
64KB

Download
memory/3924-4-0x0000026A4A3E0000-0x0000026A4A908000-memory.dmp

Filesize
5.2MB

Download