discordrat | d24b8f43e213892a8983486634f05d51b3be74a5086e772d364437e71afced60 | Triage

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
11-06-2024 02:53

Sharing

Report Analysis Logs

General

Target

89c9a0eada8efb9913320a758d35eccf.exe
Size

78KB
MD5

89c9a0eada8efb9913320a758d35eccf
SHA1

771d63cc7c288dc01df123b91e766a0d3f9c2adb
SHA256

d24b8f43e213892a8983486634f05d51b3be74a5086e772d364437e71afced60
SHA512

a595cd2ddb29e9fa0e17b2f5d4ad421cae70c7756e56bcc3cf2ae7cb1b5cfc293864ed1b03189eecfa028fe0cca66329576ee97ec7c28a1e9bf9051aa2b78767
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+2PIC:5Zv5PDwbjNrmAE+yIC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI0OTQ2OTUzOTgyNjI3NDM0NQ.Gwe9io.1LizhZrROwujAL5djoKhHKCW7sd2OdMyOeHwS4
server_id
1249400378022166539

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2388 wrote to memory of 3024	2388	89c9a0eada8efb9913320a758d35eccf.exe	28
PID 2388 wrote to memory of 3024	2388	89c9a0eada8efb9913320a758d35eccf.exe	28
PID 2388 wrote to memory of 3024	2388	89c9a0eada8efb9913320a758d35eccf.exe	28

C:\Users\Admin\AppData\Local\Temp\89c9a0eada8efb9913320a758d35eccf.exe
"C:\Users\Admin\AppData\Local\Temp\89c9a0eada8efb9913320a758d35eccf.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2388
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2388 -s 600
  2⤵
  PID:3024

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2388-0-0x000007FEF5AB3000-0x000007FEF5AB4000-memory.dmp

Filesize
4KB

Download
memory/2388-1-0x000000013F040000-0x000000013F058000-memory.dmp

Filesize
96KB

Download
memory/2388-2-0x000007FEF5AB0000-0x000007FEF649C000-memory.dmp

Filesize
9.9MB

Download
memory/2388-3-0x000007FEF5AB3000-0x000007FEF5AB4000-memory.dmp

Filesize
4KB

Download