Analysis

  • max time kernel
    10s
  • max time network
    26s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12-05-2024 13:36

Errors

Reason
Machine shutdown

General

  • Target

    Client-built.exe

  • Size

    78KB

  • MD5

    5303b622bce3e3e834f8ef7b7032b72a

  • SHA1

    bd21d53135c83e49402d95e22ebe444e1d651759

  • SHA256

    3ff315f28d572b228fd4f49838c2267c8db6f65d1f7623415bccb042866fb5a9

  • SHA512

    3780f89c716cef460e39bd609fc823ccc31a12414da8afc1f60a4fbf1c2c2621eb94c4e27023669b5e9f9fb6a457f5570cb58411ad3410383fe8c0aea24115bf

  • SSDEEP

    1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+YPIC:5Zv5PDwbjNrmAE+8IC

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTIzOTIwOTIzMjM0NDAyMzEwMg.Gmz6N5.mwHGVKInDtPheooSI124RsRpFgpD0LdsyrYfGI

  • server_id

    1239207264523653171

Signatures

  • Discord RAT

    A RAT written in C# that uses a Discord bot as its C2 channel.

  • Legitimate hosting services abused for malware hosting/C2 (1 TTP, 3 IoCs)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
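The extracted config above (a Discord bot token plus a server_id) is what a Discord-RAT config extractor pulls out of the process memory dumps listed under Downloads. The following is an added example, not code from the sandbox or from the RAT: it carves token-shaped strings out of a raw dump, decodes the first token segment (base64 of the bot's user ID) and turns that snowflake into a creation timestamp. The token regex is a common secret-scanner heuristic, not a format Discord documents, and the dump bytes are constructed inline as a stand-in for the real memory/3144-* files.

```python
import base64
import re
from datetime import datetime, timedelta, timezone

# Discord snowflake epoch: 2015-01-01T00:00:00Z, in milliseconds.
DISCORD_EPOCH_MS = 1420070400000

# Heuristic token shape used by common secret scanners (assumption, not a
# Discord-documented format): base64url user id . 6-char timestamp . HMAC.
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]{24,28}\.[A-Za-z0-9_-]{6}\.[A-Za-z0-9_-]{27,40}")


def b64url_decode(segment: str) -> bytes:
    """Decode an unpadded base64url segment (tokens drop the '=' padding)."""
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment)


def snowflake_time(snowflake: int) -> datetime:
    """Top 42 bits of a Discord snowflake are milliseconds since the Discord epoch."""
    ms = (snowflake >> 22) + DISCORD_EPOCH_MS
    # timedelta arithmetic keeps the millisecond exact (no float rounding).
    return datetime(1970, 1, 1, tzinfo=timezone.utc) + timedelta(milliseconds=ms)


def decode_token(token: str) -> dict:
    """Return the bot user id and its creation time from the token's first segment."""
    first, _timestamp_segment, _hmac_segment = token.split(".")
    user_id = int(b64url_decode(first).decode("ascii"))
    return {"user_id": user_id, "user_created": snowflake_time(user_id)}


def _utf16_runs(blob: bytes) -> str:
    """Concatenate printable UTF-16LE runs (8+ chars), newline-separated."""
    runs = re.findall(rb"(?:[\x20-\x7e]\x00){8,}", blob)
    return "\n".join(r.decode("utf-16-le") for r in runs)


def find_tokens(blob: bytes) -> list:
    """Find token-shaped strings in a raw memory dump.

    .NET keeps strings in memory as UTF-16LE, so an ASCII-only scan of a C# RAT
    dump misses the token entirely; scan both encodings and de-duplicate.
    """
    found = []
    for text in (blob.decode("latin-1"), _utf16_runs(blob)):
        for match in TOKEN_RE.finditer(text):
            if match.group(0) not in found:
                found.append(match.group(0))
    return found


def triage(blob: bytes) -> list:
    """Carve tokens from a dump and attach the decoded bot identity to each."""
    return [{"token": t, **decode_token(t)} for t in find_tokens(blob)]


# Constructed stand-in for a memory dump: filler bytes around the token stored
# as a .NET (UTF-16LE) string. The real memory/3144-*.dmp files are not embedded.
SAMPLE_TOKEN = "MTIzOTIwOTIzMjM0NDAyMzEwMg.Gmz6N5.mwHGVKInDtPheooSI124RsRpFgpD0LdsyrYfGI"
SAMPLE_DUMP = (
    b"MZ\x90\x00" + bytes(range(256)) * 4
    + SAMPLE_TOKEN.encode("utf-16-le")
    + b"\x00\x00" + "1239207264523653171".encode("utf-16-le")
    + b"\xff" * 64
)

if __name__ == "__main__":
    for hit in triage(SAMPLE_DUMP):
        print(hit["token"])
        print("  bot user id :", hit["user_id"])
        print("  bot created :", hit["user_created"].isoformat())
    print("server created:", snowflake_time(1239207264523653171).isoformat())
```

Run it against the memory regions from the Downloads section to confirm the sandbox's extraction; the decoded creation times of the bot and of the server_id can be compared with the "submitted" timestamp at the top of this page to judge how freshly the operator stood up this C2. The token and server_id are the live C2 identity for this sample and are the IoCs worth blocking or reporting.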

Processes

  • C:\Users\Admin\AppData\Local\Temp\Client-built.exe
    "C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
    • Suspicious use of AdjustPrivilegeToken
    PID:3144

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/3144-0-0x00000254E9020000-0x00000254E9038000-memory.dmp

    Filesize

    96KB

  • memory/3144-1-0x00007FF844743000-0x00007FF844745000-memory.dmp

    Filesize

    8KB

  • memory/3144-2-0x00000254EB670000-0x00000254EB832000-memory.dmp

    Filesize

    1.8MB

  • memory/3144-3-0x00007FF844740000-0x00007FF845201000-memory.dmp

    Filesize

    10.8MB

  • memory/3144-4-0x00000254EBF70000-0x00000254EC498000-memory.dmp

    Filesize

    5.2MB