discordrat | 7489e6f15e2c7b6319b3ccf40bd0360251783a257c51a7791c1b77c6c271ec6d

Resubmissions

06-06-2024 12:12

06-06-2024 12:10

max time kernel
1380s
max time network
1174s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
06-06-2024 12:10

Target

Client-built.exe
Size

78KB
MD5

01a4ce4dd5b00747493bed5deebaae17
SHA1

779ce63d942892c2296d8864287941b547462cd5
SHA256

7489e6f15e2c7b6319b3ccf40bd0360251783a257c51a7791c1b77c6c271ec6d
SHA512

a4e8a7d92c55e6408ace17d8a02af9b43910d6b5eb29c2c98a63f25983ce55a7738027b6edce02fba83e2e69cfb5a0ac9d9637a13c1ad909dc7b2f0f1ab8ca05
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+DPIC:5Zv5PDwbjNrmAE+bIC

Score

10^/10

Family

discordrat

Attributes

discord_token
MTI0ODI0MTU5ODY4NTUxNTg1MA.GzyIwU._prrDCdD0LwAjYsJHZG5xYNLF9UZJF3BCQCXGE
server_id
1248242109069131776

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

Client-built.exe

description pid process

Token: SeDebugPrivilege 4728 Client-built.exe

description	pid	process
Token: SeDebugPrivilege	4728	Client-built.exe

C:\Users\Admin\AppData\Local\Temp\Client-built.exe
"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4728

memory/4728-0-0x000001D40B9C0000-0x000001D40B9D8000-memory.dmp

Filesize
96KB

Download
memory/4728-1-0x00007FFFC7ED3000-0x00007FFFC7ED5000-memory.dmp

Filesize
8KB

Download
memory/4728-2-0x000001D425F70000-0x000001D426132000-memory.dmp

Filesize
1.8MB

Download
memory/4728-3-0x00007FFFC7ED0000-0x00007FFFC8991000-memory.dmp

Filesize
10.8MB

Download
memory/4728-4-0x000001D4267B0000-0x000001D426CD8000-memory.dmp

Filesize
5.2MB

Download
memory/4728-5-0x00007FFFC7ED0000-0x00007FFFC8991000-memory.dmp

Filesize
10.8MB

Download