Analysis
-
max time kernel
9s -
max time network
11s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
02-06-2024 07:32
Behavioral task
behavioral1
Sample
Celex Crack.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
4 signatures
300 seconds
General
-
Target
Celex Crack.exe
-
Size
78KB
-
MD5
863cb08abe72db48b4a4f2d6d87eeb6a
-
SHA1
ba73da385264fec2e77cadcf5896cdb76440d679
-
SHA256
d447d26ba27411b5bd5861b39374ff257f11cb604d416f2773b929741faedbc5
-
SHA512
c271f838eafed27ad00aa8afcd8476d4af62fcac7e292bd27f9bcc979c7405e743b919d9abb0ae88eb72ac5a87f13d309afe6e292e04a20fe7e8d5b97fa5b37f
-
SSDEEP
1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+GPIC:5Zv5PDwbjNrmAE+iIC
Score
10/10
Malware Config
Extracted
Family
discordrat
Attributes
-
discord_token
MTI0NjQ5ODAwNDc1NjU5NDgxMQ.Gl4MPu.GqOJp71ZqsSF65vaOpvf6tc6aBgQa8uoRrPA6M
-
server_id
1246498216292388994
Signatures
-
Discord RAT
A RAT written in C# using Discord as a C2.
-
Downloads MZ/PE file
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs
flow ioc 39 raw.githubusercontent.com 10 discord.com 11 discord.com 28 discord.com 38 raw.githubusercontent.com -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 5048 Celex Crack.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\Celex Crack.exe"C:\Users\Admin\AppData\Local\Temp\Celex Crack.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5048
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=1288,i,11746347647270949551,7786733067759450703,262144 --variations-seed-version --mojo-platform-channel-handle=3940 /prefetch:81⤵PID:1752