discordrat | 700d9122601a761201eecd11ac6cd21ff23be101de641df0f0fc8a5e46df7258

Analysis

max time kernel
137s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
15-05-2024 18:18

Target

Client-built.exe
Size

78KB
MD5

443dbdd00a5f762cc93a2a3832ddac98
SHA1

361d26a05242dbc3f8cf027ffab64ed615d111ae
SHA256

700d9122601a761201eecd11ac6cd21ff23be101de641df0f0fc8a5e46df7258
SHA512

54a07d5bc11a82c00e544d5c31365e11cac1be659f11766b55432d866cebcd6f59c312b7b18f417868c2ecccf23aabd2dc9404b0d72905b42398854221b1b668
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+9tPIC:5Zv5PDwbjNrmAE+bIC

Score

10^/10

Family

discordrat

Attributes

discord_token
MTE3OTA1OTg1MDEzNTc0ODczMA.GGxVFo.7St6scgSuA_AF4ZkQihNuZJGi0x3Rz9-ucto_M
server_id
1240359327257333804

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4328	Client-built.exe

C:\Users\Admin\AppData\Local\Temp\Client-built.exe
"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4328

memory/4328-1-0x00007FF83E493000-0x00007FF83E495000-memory.dmp

Filesize
8KB

Download
memory/4328-2-0x0000023CCFAE0000-0x0000023CCFCA2000-memory.dmp

Filesize
1.8MB

Download
memory/4328-0-0x0000023CB53F0000-0x0000023CB5408000-memory.dmp

Filesize
96KB

Download
memory/4328-3-0x00007FF83E490000-0x00007FF83EF51000-memory.dmp

Filesize
10.8MB

Download
memory/4328-4-0x0000023CD02E0000-0x0000023CD0808000-memory.dmp

Filesize
5.2MB

Download
memory/4328-5-0x00007FF83E490000-0x00007FF83EF51000-memory.dmp

Filesize
10.8MB

Download