discordrat | be449362ee5003c6a1b6f73a7d3ef1b2d5b67c9eb57e317ab672df32fa8cf366

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
11-06-2024 20:49

Target

rblx hacks REAL/Client-built.exe
Size

78KB
MD5

456bf5de813e40ca39898ca6ba16b1d7
SHA1

4b668377e4f81802f5a975739a2799d140e04d55
SHA256

9ea8612ee8a4e2599a73e99cee7afd8be19faedd655ff2f54b1f06e486021135
SHA512

7f3747235a0f48c774ad084207f43201dfdac9bc3bfd340f645cd7c13b61a853e01227756d1f9f154f5f541914c316b86fcbe1ab9a130aee117f17daab9b3191
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+nPIC:5Zv5PDwbjNrmAE+PIC

Score

10^/10

Family

discordrat

Attributes

discord_token
MTI0OTU3NzU3NDA5MTE5NDQxOQ.GsOG5Z.ZZXzRiXjjatxWtgj6vEvWrUD7fTQVKec_XOUKg
server_id
1177034497322127390

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Suspicious behavior: LoadsDriver 6 IoCs

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4856	Client-built.exe

C:\Users\Admin\AppData\Local\Temp\rblx hacks REAL\Client-built.exe
"C:\Users\Admin\AppData\Local\Temp\rblx hacks REAL\Client-built.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4856

memory/4856-0-0x00007FFE98213000-0x00007FFE98215000-memory.dmp

Filesize
8KB

Download
memory/4856-1-0x000001A9D6FF0000-0x000001A9D7008000-memory.dmp

Filesize
96KB

Download
memory/4856-2-0x000001A9F1600000-0x000001A9F17C2000-memory.dmp

Filesize
1.8MB

Download
memory/4856-3-0x00007FFE98210000-0x00007FFE98CD1000-memory.dmp

Filesize
10.8MB

Download
memory/4856-4-0x00007FFE98210000-0x00007FFE98CD1000-memory.dmp

Filesize
10.8MB

Download