discordrat | 2b3df562a765db2c293061b34d63b1cfe91388267e42ae6a336e54ba22a9b3bc

Analysis

max time kernel
42s
max time network
44s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
16-06-2024 17:30

Target

Client-built.exe
Size

78KB
MD5

d06706804af570fdf6f467065f8cdcfa
SHA1

b54b2b4153842d208355d812a53e47f6ce3ba3c9
SHA256

2b3df562a765db2c293061b34d63b1cfe91388267e42ae6a336e54ba22a9b3bc
SHA512

b92dadba2ebd309e9056ff6668459a17325153b4a7a7d89959c6fa061035ee6920a15ee6146bf1ab658f1bc5d9f1e2bea2229b7b04923b3641e747fce70ab10b
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V++PIC:5Zv5PDwbjNrmAE+6IC

Score

10^/10

Family

discordrat

Attributes

discord_token
MTI1MTk1MTY5NzUxMzY3NjkwMQ.GVq9iY.VCiHWr9KyMnuwstn9x5fiCnjjof0pQvvJue_8w
server_id
1251916764929982485

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

Client-built.exe

description pid process

Token: SeDebugPrivilege 1832 Client-built.exe

description	pid	process
Token: SeDebugPrivilege	1832	Client-built.exe

C:\Users\Admin\AppData\Local\Temp\Client-built.exe
"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1832

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=1280,i,1697479186275492802,18058102846092193784,262144 --variations-seed-version --mojo-platform-channel-handle=4412 /prefetch:8
1⤵
PID:3944

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4240

memory/1832-1-0x00007FFBF8273000-0x00007FFBF8275000-memory.dmp

Filesize
8KB

Download
memory/1832-0-0x0000026E82120000-0x0000026E82138000-memory.dmp

Filesize
96KB

Download
memory/1832-2-0x0000026E9C740000-0x0000026E9C902000-memory.dmp

Filesize
1.8MB

Download
memory/1832-3-0x00007FFBF8270000-0x00007FFBF8D31000-memory.dmp

Filesize
10.8MB

Download
memory/1832-4-0x0000026E9CA80000-0x0000026E9CBEA000-memory.dmp

Filesize
1.4MB

Download
memory/1832-5-0x00007FFBF8270000-0x00007FFBF8D31000-memory.dmp

Filesize
10.8MB

Download