Analysis
-
max time kernel
93s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
05-06-2024 18:08
General
-
Target
Discord-RAT-2.0-2.0/Discord rat/Resources/unrootkit.exe
-
Size
3.3MB
-
MD5
56561903fd1e9dedfe029dd8c9172e7c
-
SHA1
ca2fbcd301d4e1ddb3e7fd2b53099e12c06e48c6
-
SHA256
4350a69f2630214a7b079e41e3ac2d7c5759a622a0cd1227ba12eee06d758d9a
-
SHA512
e16345c92a1639b4ff712591c5f736618ca6b0f83399e5f2265c747fe6829065dfcf9a27486e562ea0766b61c6362611e726e8bf7e943aab4e738bade1d8590d
-
SSDEEP
49152:x8ImhHy69ztxaY5lyni2DBZKe8taaY5lSni2DBZWL:OZdyeJH6
Score
10/10
Malware Config
Signatures
-
Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 5 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of WriteProcessMemory 15 IoCs
Processes
-
C:\Windows\system32\winlogon.exewinlogon.exe1⤵
-
C:\Windows\System32\dllhost.exeC:\Windows\System32\dllhost.exe /Processid:{241ae10f-cca6-421a-bf21-2160f47b39cd}2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\Admin\AppData\Local\Temp\Discord-RAT-2.0-2.0\Discord rat\Resources\unrootkit.exe"C:\Users\Admin\AppData\Local\Temp\Discord-RAT-2.0-2.0\Discord rat\Resources\unrootkit.exe"1⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
4KB
-
Filesize
9.6MB
-
Filesize
760KB
-
Filesize
2.0MB
-
Filesize
9.6MB
-
Filesize
9.6MB