discordrat | 1511db3cd12e77c5f8b2139f136e5c664e935f52538fc56ac878b4ba433be6e3

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
22-04-2024 23:46

Target

LimitedCheatsFiveM/FivemMenu.exe
Size

78KB
MD5

0f6e652458a3a3374d8fd603163d811b
SHA1

8a546dee8ca4f76c0675a0c95cf1e311faa3f454
SHA256

6ffd88a2de38e3272945a434fd763ddd9a6285372b171765d11a26b9a81e0a85
SHA512

a7cc2b6a58ebd836570121e1b0e373048ba7c4e44c1c02e0c759979b0bee8c0a8d8ab75d7a313bfb6dd6b22baf2d85f514f9c219168e10e98d9d0d1ef1f7c91d
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+APIC:5Zv5PDwbjNrmAE+kIC

Score

10^/10

Family

discordrat

Attributes

discord_token
MTIxMzIxNTQ2OTUxNTg0MTU4Nw.Gzn2dv.TGdD10yUa7ZZs7OvhvQ65BdJ9OfF6HFElNkqdA
server_id
1213214802600525834

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1068 wrote to memory of 2864	1068	FivemMenu.exe	28
PID 1068 wrote to memory of 2864	1068	FivemMenu.exe	28
PID 1068 wrote to memory of 2864	1068	FivemMenu.exe	28

C:\Users\Admin\AppData\Local\Temp\LimitedCheatsFiveM\FivemMenu.exe
"C:\Users\Admin\AppData\Local\Temp\LimitedCheatsFiveM\FivemMenu.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1068
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1068 -s 596
  2⤵
  PID:2864

memory/1068-0-0x000000013F640000-0x000000013F658000-memory.dmp

Filesize
96KB

Download
memory/1068-1-0x000007FEF50F0000-0x000007FEF5ADC000-memory.dmp

Filesize
9.9MB

Download
memory/1068-2-0x000000001B980000-0x000000001BA00000-memory.dmp

Filesize
512KB

Download
memory/1068-3-0x000007FEF50F0000-0x000007FEF5ADC000-memory.dmp

Filesize
9.9MB

Download
memory/1068-4-0x000000001B980000-0x000000001BA00000-memory.dmp

Filesize
512KB

Download