discordrat | ee9003a0679541941839e89bdeae1140b403dee93f3da8e00d07fa2a1cf86645

Analysis

max time kernel
92s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12-05-2024 00:22

Target

4f49a3b4999edee476226951edf9e660_NeikiAnalytics.exe
Size

78KB
MD5

4f49a3b4999edee476226951edf9e660
SHA1

38a8b065e1639af887bfbeca96e3e3737523e88f
SHA256

ee9003a0679541941839e89bdeae1140b403dee93f3da8e00d07fa2a1cf86645
SHA512

a1d02818a5e7da67c1a1d668e31bc810aa4210f5e53b1b4b1b28cddc1f930f33b46d8604957e1f9208925d8d86876a60e70161ee78455dbe7b0d7d45fe552148
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+ftPIC:5Zv5PDwbjNrmAE+f9IC

Score

10^/10

Family

discordrat

Attributes

discord_token
MTIzNzQzMzkxMzAzMTUyNDQ4NQ.GFvi3K.V_5r5FgzeAwCXpDxI3tqc8L3R2oqz7Pk9FhzZg
server_id
1237108820572897433

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3272	4f49a3b4999edee476226951edf9e660_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\4f49a3b4999edee476226951edf9e660_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4f49a3b4999edee476226951edf9e660_NeikiAnalytics.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3272

memory/3272-0-0x00007FFBBBDC3000-0x00007FFBBBDC5000-memory.dmp

Filesize
8KB

Download
memory/3272-1-0x00000269B9EC0000-0x00000269B9ED8000-memory.dmp

Filesize
96KB

Download
memory/3272-2-0x00000269D44A0000-0x00000269D4662000-memory.dmp

Filesize
1.8MB

Download
memory/3272-3-0x00007FFBBBDC0000-0x00007FFBBC881000-memory.dmp

Filesize
10.8MB

Download
memory/3272-4-0x00000269D4CE0000-0x00000269D5208000-memory.dmp

Filesize
5.2MB

Download
memory/3272-5-0x00007FFBBBDC0000-0x00007FFBBC881000-memory.dmp

Filesize
10.8MB

Download