discordrat | aa0316816724b47a30eb700b8034f12e1387827bf6ad4305c81dbe31f2ba1f0f | Triage

Analysis

max time kernel
132s
max time network
134s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
18-05-2024 08:57

Sharing

Report Analysis Logs

General

Target

Client-built.exe
Size

78KB
MD5

4cc3a192f38f0ba95fa9d68e97f6ef3c
SHA1

be1939d58b92d674a6de1687c66dae7d4dd2ecee
SHA256

aa0316816724b47a30eb700b8034f12e1387827bf6ad4305c81dbe31f2ba1f0f
SHA512

2b8cc93b66a8afd3941baa2ce76a25db53e5843d3751baad6cdc050d8a52c4d84cd23271da6d7781c589fff4352f06e39529e8a80c78e1acb36181be51c253c4
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+kPIC:5Zv5PDwbjNrmAE+4IC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI0MTMxMTE3MDk1NTMxNzM1OQ.GtZ2dx.2B3nuUu0A_CuQdHvi3hc41LhN-OI3weFEtjBqU
server_id
1241107698636820601

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	2880	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2880	AUDIODG.EXE
Token: 33	2880	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2880	AUDIODG.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2932 wrote to memory of 3028	2932	Client-built.exe	28
PID 2932 wrote to memory of 3028	2932	Client-built.exe	28
PID 2932 wrote to memory of 3028	2932	Client-built.exe	28

C:\Users\Admin\AppData\Local\Temp\Client-built.exe
"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2932
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2932 -s 596
  2⤵
  PID:3028

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2416

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0xcc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2880

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2932-0-0x000007FEF5353000-0x000007FEF5354000-memory.dmp

Filesize
4KB

Download
memory/2932-1-0x000000013F720000-0x000000013F738000-memory.dmp

Filesize
96KB

Download
memory/2932-2-0x000007FEF5350000-0x000007FEF5D3C000-memory.dmp

Filesize
9.9MB

Download
memory/2932-3-0x000007FEF5350000-0x000007FEF5D3C000-memory.dmp

Filesize
9.9MB

Download