Analysis
-
max time kernel
141s -
max time network
148s -
platform
windows11-21h2_x64 -
resource
win11-20240426-en -
resource tags
arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system -
submitted
08-06-2024 22:56
Behavioral task
behavioral1
Sample
newgame.exe
Resource
win10-20240404-en
windows10-1703-x64
10 signatures
150 seconds
Behavioral task
behavioral2
Sample
newgame.exe
Resource
win11-20240426-en
windows11-21h2-x64
3 signatures
150 seconds
General
-
Target
newgame.exe
-
Size
86KB
-
MD5
da73d03e7e63df84355ca62baaefae8a
-
SHA1
4a24296ce0275ab6d5439a155a17d8de80d549d5
-
SHA256
16cef3c03efe6d11b261709e330058536b7bd186fad81e932f2a9db1cef78610
-
SHA512
7d8c28fa0ee62228104af1bd25aefe3f18fea9e9983d1cbcfa2f18f9f2832c5471fe4f545e775f6ed775802b3d687d81c1a14292af3406f6ef613c39e0c617e7
-
SSDEEP
1536:t2WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+UPIoC1:tZv5PDwbjNrmAE+IIoe
Score
10/10
Malware Config
Extracted
Family
discordrat
Attributes
-
discord_token
MTI0NzYwNjA2ODE3NTk2MjEzMw.G3Bv2h.Oi-mmhg6ZK_uTFZKjQiDOwr-wcEm-Hq0xizKtQ
-
server_id
1247606720864321577
Signatures
-
Discord RAT
A RAT written in C# using Discord as a C2.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 12 IoCs
flow ioc 12 discord.com 1 raw.githubusercontent.com 7 discord.com 8 discord.com 9 discord.com 11 raw.githubusercontent.com 13 discord.com 14 discord.com 1 discord.com 4 discord.com 6 discord.com 10 discord.com -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 1140 newgame.exe