Analysis
-
max time kernel
15s -
max time network
17s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
26-05-2024 02:19
Behavioral task
behavioral1
Sample
RobloxPlayer.exe
Resource
win7-20240221-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
RobloxPlayer.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
3 signatures
150 seconds
General
-
Target
RobloxPlayer.exe
-
Size
78KB
-
MD5
8f3d0d4044ff8cc1d847687568c91e14
-
SHA1
fd9049e0e5c074603b78a2aea228b75e4ce6c099
-
SHA256
1c7ffa12df8fc6b0617ddd3e7bf89582154156c803ca2b2df7a6073d43e13dc0
-
SHA512
afd8aa0948e588de2bb7d44687afccd5da52e613a06a26bbec862945a3cd1a80423b2e1929256bce23e92bac5b09f27e436c1223583d4507c6782da3d46760e4
-
SSDEEP
1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+cPIC:5Zv5PDwbjNrmAE+QIC
Score
10/10
Malware Config
Extracted
Family
discordrat
Attributes
-
discord_token
MTIxNTQyMjc0OTk4ODg4NDU3Mg.G8QiY3.e2k047pCmhPxBH-tdaOfxVTB1BY3dSfZIT_sXY
-
server_id
1201970766531530822
Signatures
-
Discord RAT
A RAT written in C# using Discord as a C2.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
RobloxPlayer.exedescription pid process Token: SeDebugPrivilege 3364 RobloxPlayer.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/3364-0-0x0000024FC1AE0000-0x0000024FC1AF8000-memory.dmpFilesize
96KB
-
memory/3364-1-0x00007FFA85653000-0x00007FFA85655000-memory.dmpFilesize
8KB
-
memory/3364-2-0x0000024FDC180000-0x0000024FDC342000-memory.dmpFilesize
1.8MB
-
memory/3364-3-0x00007FFA85650000-0x00007FFA86111000-memory.dmpFilesize
10.8MB
-
memory/3364-4-0x0000024FDC980000-0x0000024FDCEA8000-memory.dmpFilesize
5.2MB