discordrat | cd3e5d49eb9758e3c23d78957c5343edb79eca57583a364b358cc5cacdab5e46

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
30-04-2024 07:42

Target

NullsBrawl.exe
Size

78KB
MD5

28891f63e9c5bd4a1108219946611857
SHA1

d5d59adb9592a57ca2744f0c5945cca99f670806
SHA256

cd3e5d49eb9758e3c23d78957c5343edb79eca57583a364b358cc5cacdab5e46
SHA512

03fed77c95d5982239ad0a3144767b02e5df59c34c29fc946f5eb3c6467a8226c02927d2d3c6f1252078ccf49fbfe210c0b4103cfde722096e3c36f6da10dc7b
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+nPIC:5Zv5PDwbjNrmAE+PIC

Score

10^/10

Family

discordrat

Attributes

discord_token
MTE4NDQyNTY1ODYwOTMwNzY4OQ.GcS7yz.BeNfAXdn-NTJkKqHl8CfMLBb7QlfA8s_vy58oM
server_id
1184425613994500227

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1708 wrote to memory of 2320	1708	NullsBrawl.exe	28
PID 1708 wrote to memory of 2320	1708	NullsBrawl.exe	28
PID 1708 wrote to memory of 2320	1708	NullsBrawl.exe	28

C:\Users\Admin\AppData\Local\Temp\NullsBrawl.exe
"C:\Users\Admin\AppData\Local\Temp\NullsBrawl.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1708
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1708 -s 596
  2⤵
  PID:2320

memory/1708-0-0x000000013FA20000-0x000000013FA38000-memory.dmp

Filesize
96KB

Download
memory/1708-1-0x000007FEF5BA0000-0x000007FEF658C000-memory.dmp

Filesize
9.9MB

Download
memory/1708-2-0x00000000007D0000-0x0000000000850000-memory.dmp

Filesize
512KB

Download
memory/1708-3-0x000007FEF5BA0000-0x000007FEF658C000-memory.dmp

Filesize
9.9MB

Download
memory/1708-4-0x00000000007D0000-0x0000000000850000-memory.dmp

Filesize
512KB

Download