discordrat | 1302d9f863c25bae202e553ef078f73d8c0324deff52d8388f7525872519a5bb | Triage

Analysis

max time kernel
119s
max time network
119s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
23-06-2024 13:54

Sharing

Report Analysis Logs

General

Target

SynapseXCRACKED.exe
Size

78KB
MD5

0ddd31e824f136e691bcfd2a0b9e2670
SHA1

34269cbd62e9badc52af71b2759575593a762fac
SHA256

1302d9f863c25bae202e553ef078f73d8c0324deff52d8388f7525872519a5bb
SHA512

786c994267fbe21e86ee829928b3d24cfa52890214700d5c2bede0232c05f13329ff605e908433c661dd4b7fc24b6a570a79c74f70e0504a43f80ff90d3d1fcb
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+2PIC:5Zv5PDwbjNrmAE+yIC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTEyOTI2NjIyNzkxOTk5MDgyNA.GInBmi.k0vV9HhM26FUzP8r3lgj8t304PciR2dvNYNKDQ
server_id
1129494586109206538

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

SynapseXCRACKED.exe

description	pid	process	target process
PID 1620 wrote to memory of 2692	1620	SynapseXCRACKED.exe	WerFault.exe
PID 1620 wrote to memory of 2692	1620	SynapseXCRACKED.exe	WerFault.exe
PID 1620 wrote to memory of 2692	1620	SynapseXCRACKED.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\SynapseXCRACKED.exe
"C:\Users\Admin\AppData\Local\Temp\SynapseXCRACKED.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1620

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1620 -s 600
2⤵
PID:2692

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1620-0-0x000007FEF51B3000-0x000007FEF51B4000-memory.dmp

Filesize
4KB

Download
memory/1620-1-0x000000013FF60000-0x000000013FF78000-memory.dmp

Filesize
96KB

Download
memory/1620-2-0x000007FEF51B0000-0x000007FEF5B9C000-memory.dmp

Filesize
9.9MB

Download