Overview

overview

10

Static

static

10

newgame.exe

windows10-1703-x64

10

newgame.exe

windows10-2004-x64

10

Resubmissions

08-06-2024 23:05

240608-22vh3sae24 10

08-06-2024 22:56

240608-2w6ddsad42 10

Analysis

  • max time kernel
    451s
  • max time network
    1175s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08-06-2024 23:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    newgame.exe

  • Size

    86KB

  • MD5

    da73d03e7e63df84355ca62baaefae8a

  • SHA1

    4a24296ce0275ab6d5439a155a17d8de80d549d5

  • SHA256

    16cef3c03efe6d11b261709e330058536b7bd186fad81e932f2a9db1cef78610

  • SHA512

    7d8c28fa0ee62228104af1bd25aefe3f18fea9e9983d1cbcfa2f18f9f2832c5471fe4f545e775f6ed775802b3d687d81c1a14292af3406f6ef613c39e0c617e7

  • SSDEEP

    1536:t2WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+UPIoC1:tZv5PDwbjNrmAE+IIoe

Score
10/10
discordratpersistenceratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTI0NzYwNjA2ODE3NTk2MjEzMw.G3Bv2h.Oi-mmhg6ZK_uTFZKjQiDOwr-wcEm-Hq0xizKtQ

  • server_id

    1247606720864321577

Signatures

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\newgame.exe
    "C:\Users\Admin\AppData\Local\Temp\newgame.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3280

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3280-0-0x000001DAE3410000-0x000001DAE342A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/3280-1-0x00007FFE97363000-0x00007FFE97365000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3280-2-0x000001DAFD980000-0x000001DAFDB42000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/3280-3-0x00007FFE97360000-0x00007FFE97E21000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3280-4-0x000001DAFE2C0000-0x000001DAFE7E8000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/3280-5-0x00007FFE97360000-0x00007FFE97E21000-memory.dmp

    Filesize

    10.8MB

    Download