Analysis
-
max time kernel
120s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
03-06-2024 06:39
General
-
Target
540611034c0489b1b4e2822b692bff7167369ceaea4bfd334aeaa33e0ae6ae6e.exe
-
Size
78KB
-
MD5
a2da8356ef064960ab8dd09372627a58
-
SHA1
2edb364315b7f1a5ee652e015a1316c6640d2d2b
-
SHA256
540611034c0489b1b4e2822b692bff7167369ceaea4bfd334aeaa33e0ae6ae6e
-
SHA512
9e4770e0d3a9404ea78d532b08e4b70c1be77fcd5797601fb17c18e45b991c10407c595a52ca361affd6bffeb476cdbcba184dd07142f10d74f23c4f357b6ace
-
SSDEEP
1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+KPIC:5Zv5PDwbjNrmAE+WIC
Score
10/10
Malware Config
Extracted
Family
discordrat
Attributes
-
discord_token
MTI0NjMwMTQ1MjQwNjc1MTI0Mg.GoEe4D.Ukxxcg2g6oiBh3IEoYa6C5FTUz1iU45J3sp1bU
-
server_id
1246300545325727776
Signatures
-
Discord RAT
A RAT written in C# using Discord as a C2.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\540611034c0489b1b4e2822b692bff7167369ceaea4bfd334aeaa33e0ae6ae6e.exe"C:\Users\Admin\AppData\Local\Temp\540611034c0489b1b4e2822b692bff7167369ceaea4bfd334aeaa33e0ae6ae6e.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 2660 -s 6002⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2660-0-0x000007FEF5813000-0x000007FEF5814000-memory.dmpFilesize
4KB
-
memory/2660-1-0x000000013FF80000-0x000000013FF98000-memory.dmpFilesize
96KB
-
memory/2660-2-0x000007FEF5810000-0x000007FEF61FC000-memory.dmpFilesize
9.9MB
-
memory/2660-3-0x000007FEF5813000-0x000007FEF5814000-memory.dmpFilesize
4KB
-
memory/2660-4-0x000007FEF5810000-0x000007FEF61FC000-memory.dmpFilesize
9.9MB