Overview

overview

10

Static

static

10

newgame.exe

windows10-1703-x64

10

newgame.exe

windows11-21h2-x64

10

Resubmissions

08-06-2024 23:05

240608-22vh3sae24 10

08-06-2024 22:56

240608-2w6ddsad42 10

Analysis

  • max time kernel
    141s
  • max time network
    148s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240426-en
  • resource tags

    arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    08-06-2024 22:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    newgame.exe

  • Size

    86KB

  • MD5

    da73d03e7e63df84355ca62baaefae8a

  • SHA1

    4a24296ce0275ab6d5439a155a17d8de80d549d5

  • SHA256

    16cef3c03efe6d11b261709e330058536b7bd186fad81e932f2a9db1cef78610

  • SHA512

    7d8c28fa0ee62228104af1bd25aefe3f18fea9e9983d1cbcfa2f18f9f2832c5471fe4f545e775f6ed775802b3d687d81c1a14292af3406f6ef613c39e0c617e7

  • SSDEEP

    1536:t2WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+UPIoC1:tZv5PDwbjNrmAE+IIoe

Score
10/10
discordratpersistenceratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTI0NzYwNjA2ODE3NTk2MjEzMw.G3Bv2h.Oi-mmhg6ZK_uTFZKjQiDOwr-wcEm-Hq0xizKtQ

  • server_id

    1247606720864321577

Signatures

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\newgame.exe
    "C:\Users\Admin\AppData\Local\Temp\newgame.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1140

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1140-0-0x00007FFA0B7C3000-0x00007FFA0B7C5000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1140-1-0x00000164614D0000-0x00000164614EA000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1140-2-0x000001647BB50000-0x000001647BD12000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/1140-3-0x00007FFA0B7C0000-0x00007FFA0C282000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1140-4-0x000001647CE20000-0x000001647D348000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/1140-5-0x00007FFA0B7C3000-0x00007FFA0B7C5000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1140-6-0x00007FFA0B7C0000-0x00007FFA0C282000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1140-7-0x000001647EDF0000-0x000001647EFA3000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/1140-8-0x000001647B9C0000-0x000001647B9CE000-memory.dmp

    Filesize

    56KB

    Download