discordrat | 6fbb1c25814dd749fb423bc4f9bca99919030278a27ca09b9f997b3ef84d3c1d

Analysis

max time kernel
146s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
17-06-2024 17:50

Target

builder.exe
Size

78KB
MD5

5680a6247bf2ac6bd97f463863b3790c
SHA1

6a18553f769b60cc23b7fe5c87f3fcc1de060d36
SHA256

6fbb1c25814dd749fb423bc4f9bca99919030278a27ca09b9f997b3ef84d3c1d
SHA512

9ccdd13ab4d40542c4f38c6cee4553d7179d08b7e4926170fb582a6f6303e9c2358538f2b5b936e3112943b0df394c08350cc4b35e64c93c2831a8ceec738a18
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+sPIC:5Zv5PDwbjNrmAE+AIC

Score

10^/10

Family

discordrat

Attributes

discord_token
MTI1MTE4NjM4OTk1MzgxMDQ5NQ.GcIZgp.AMqtZCZqZtUob-d3gzU2LOM5ax5FJRSnHAEFIA
server_id
1250120108064378900

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4580	builder.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4228	MiniSearchHost.exe

C:\Users\Admin\AppData\Local\Temp\builder.exe
"C:\Users\Admin\AppData\Local\Temp\builder.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4580

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
e9aa12ff0be6d995ed86f8cf88678158

SHA1
e5ee38fc2ebef0fcbc3059dee29b39f7daf21931

SHA256
f35cd8ef03ac924a59943c5dfffc31ab67a8b5aff272e9f47ff776aabc7ee561

SHA512
95a67acd2a4784b87d73910c1f1f590937c9d9b901e98448556a37eb8137ae5f458f1c673d65a46cf7d6b90bee5fe6b102ce3eeac9e819062cd9c5c2418bcbfc

Download Submit
memory/4580-0-0x00007FFCB83B3000-0x00007FFCB83B5000-memory.dmp

Filesize
8KB

Download
memory/4580-1-0x0000027826B40000-0x0000027826B58000-memory.dmp

Filesize
96KB

Download
memory/4580-2-0x0000027841350000-0x0000027841512000-memory.dmp

Filesize
1.8MB

Download
memory/4580-3-0x00007FFCB83B0000-0x00007FFCB8E72000-memory.dmp

Filesize
10.8MB

Download
memory/4580-11-0x00007FFCB83B0000-0x00007FFCB8E72000-memory.dmp

Filesize
10.8MB

Download