Overview

overview

10

Static

static

10

Discord CR...2).exe

windows7-x64

10

Discord CR...2).exe

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    03-06-2024 08:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Discord CRACKED REGION CHANGER (2).exe

  • Size

    78KB

  • MD5

    b2b5aabd236b6690243b6f319e598385

  • SHA1

    21e99d6522739c74dee95674fe67163a1a2463af

  • SHA256

    d3817e4057e3a6989684db9516857f54eec6a914d9dabb85c7e8751a20cd37f1

  • SHA512

    c9cae54457bc6dbb21b78674a14533d8749eb2a989b76fddc4d7ebb685218f4de83f1be568d34ca6dc52f02d0d4aaa57f77b1ad856ddaf84a58ebc6c58606928

  • SSDEEP

    1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+LpPIC:5Zv5PDwbjNrmAE+dIC

Score
10/10
discordratpersistenceratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTI0Njk4NTc5Mzc1MTIyNDM2MA.GFZ3k3.L2Fa8O-0L-z7ZRzoAn_j_zb7WJkRDA-QlU_y5E

  • server_id

    1236875869461549097

Signatures

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Discord CRACKED REGION CHANGER (2).exe
    "C:\Users\Admin\AppData\Local\Temp\Discord CRACKED REGION CHANGER (2).exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2220
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 2220 -s 596
      2⤵
        PID:1256

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2220-0-0x000007FEF5F83000-0x000007FEF5F84000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2220-1-0x000000013F320000-0x000000013F338000-memory.dmp

      Filesize

      96KB

      Download

    • memory/2220-2-0x000007FEF5F80000-0x000007FEF696C000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/2220-3-0x000007FEF5F83000-0x000007FEF5F84000-memory.dmp

      Filesize

      4KB

      Download