Overview

overview

10

Static

static

10

rblx hacks...lt.exe

windows7-x64

10

rblx hacks...lt.exe

windows10-2004-x64

10

rblx hacks...ib.dll

windows7-x64

1

rblx hacks...ib.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    147s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11-06-2024 20:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    rblx hacks REAL/Client-built.exe

  • Size

    78KB

  • MD5

    456bf5de813e40ca39898ca6ba16b1d7

  • SHA1

    4b668377e4f81802f5a975739a2799d140e04d55

  • SHA256

    9ea8612ee8a4e2599a73e99cee7afd8be19faedd655ff2f54b1f06e486021135

  • SHA512

    7f3747235a0f48c774ad084207f43201dfdac9bc3bfd340f645cd7c13b61a853e01227756d1f9f154f5f541914c316b86fcbe1ab9a130aee117f17daab9b3191

  • SSDEEP

    1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+nPIC:5Zv5PDwbjNrmAE+PIC

Score
10/10
discordratpersistenceratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTI0OTU3NzU3NDA5MTE5NDQxOQ.GsOG5Z.ZZXzRiXjjatxWtgj6vEvWrUD7fTQVKec_XOUKg

  • server_id

    1177034497322127390

Signatures

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat
  • Suspicious behavior: LoadsDriver 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\rblx hacks REAL\Client-built.exe
    "C:\Users\Admin\AppData\Local\Temp\rblx hacks REAL\Client-built.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4856

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4856-0-0x00007FFE98213000-0x00007FFE98215000-memory.dmp
    Filesize

    8KB

    Download
  • memory/4856-1-0x000001A9D6FF0000-0x000001A9D7008000-memory.dmp
    Filesize

    96KB

    Download
  • memory/4856-2-0x000001A9F1600000-0x000001A9F17C2000-memory.dmp
    Filesize

    1.8MB

    Download
  • memory/4856-3-0x00007FFE98210000-0x00007FFE98CD1000-memory.dmp
    Filesize

    10.8MB

    Download
  • memory/4856-4-0x00007FFE98210000-0x00007FFE98CD1000-memory.dmp
    Filesize

    10.8MB

    Download