Overview

overview

10

Static

static

10

Client-built.exe

windows10-2004-x64

10

Resubmissions

20-05-2024 17:01

240520-vjld5aae8v 10

20-05-2024 16:58

240520-vg2y4ahf97 10

Analysis

  • max time kernel
    97s
  • max time network
    98s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-05-2024 16:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Client-built.exe

  • Size

    78KB

  • MD5

    073dd2db5f1c8f643f16ce635cf26873

  • SHA1

    e2f065abeba96e805da81f6e8a35e5540f7ff1c5

  • SHA256

    d5f556561b77356e9b5e59a1e8b5710a754bea02aa493292bc47418eea15aae2

  • SHA512

    596bbabed3ab45b2afec11957a0dff35ea78f0222e50900635f3ca2fdd6d8a8200adfdfd8d52491e50da09493249d3c292810737d0a5c796582ec9b1a87923f2

  • SSDEEP

    1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+GPIC:5Zv5PDwbjNrmAE+iIC

Score
10/10
discordratpersistenceratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTI0MjE1OTIxMzg5MjA3OTY2Ng.Gfs1hQ.kfsXIbOSh1JbKEKQuCtNdKJgBn3JBh2znKqnfs

  • server_id

    1231247764390805565

Signatures

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Client-built.exe
    "C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2184

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2184-0-0x00007FF841563000-0x00007FF841565000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2184-1-0x0000011E45A80000-0x0000011E45A98000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2184-2-0x0000011E600C0000-0x0000011E60282000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2184-3-0x00007FF841560000-0x00007FF842021000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/2184-4-0x0000011E608C0000-0x0000011E60DE8000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/2184-5-0x00007FF841563000-0x00007FF841565000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2184-6-0x00007FF841560000-0x00007FF842021000-memory.dmp

    Filesize

    10.8MB

    Download