Resubmissions

06-05-2024 16:48

240506-vbc3saae5z 10

06-05-2024 16:46

240506-vaf32sdg49 10

Analysis

  • max time kernel
    46s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
  • submitted
    06-05-2024 16:46

General

  • Target

    Client-built.exe

  • Size

    78KB

  • MD5

    bf49c381e1f491849a6b197ce59091a2

  • SHA1

    60b070d49122d646113b8319d1d53a3dd9684831

  • SHA256

    32c8aa288370fd70b1efa6caca518ee9889956cd2af338646027d6e1e1ccf385

  • SHA512

    7c43354d293d2aff605a34e686ce5872140a90e05fd125eef9b30f01f0e661a7b6d442529a068d2ae6538622bc4a9132b09a0091b6952994b235c9d2db577567

  • SSDEEP

    1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+rKPIC:5Zv5PDwbjNrmAE+qIC

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTIzMjQwMjQ1OTY1MDAzNTgxMw.GmfYkB.w4VWTLT1LsMRqc2UptmqpxHwQ9iS8vumwYxyW0

  • server_id

    1232401551646003363

Signatures

  • Discord RAT

    A RAT written in C# using Discord as a C2.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Client-built.exe
    "C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2156
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 2156 -s 596
      2⤵
        PID:3032

    Network

    MITRE ATT&CK Matrix

    Downloads

    • memory/2156-0-0x000007FEF5AA3000-0x000007FEF5AA4000-memory.dmp

      Filesize

      4KB

    • memory/2156-1-0x000000013FCF0000-0x000000013FD08000-memory.dmp

      Filesize

      96KB

    • memory/2156-2-0x000007FEF5AA0000-0x000007FEF648C000-memory.dmp

      Filesize

      9.9MB

    • memory/2156-3-0x000007FEF5AA0000-0x000007FEF648C000-memory.dmp

      Filesize

      9.9MB
