discordrat | 29c656fea6ff37a604471ab0ad639c84ee126068e0d35ec08ad4b7d6e10800df

Analysis

max time kernel
51s
max time network
51s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-06-2024 14:16

Target

Client-built.exe
Size

78KB
MD5

f42bdf8f20e5255f795c8674660b1726
SHA1

33f091151b0c8fd79a54147745cf31a73fdc5b09
SHA256

29c656fea6ff37a604471ab0ad639c84ee126068e0d35ec08ad4b7d6e10800df
SHA512

348a29e0e4fbd64ac039987d5368e949c033a45ae51165f3f50d1d8189c3b5955d9ccb4fff40427f12771b4584dadc6aa7244e9241a5a76e1584f2442d8b43a2
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+gPIC:5Zv5PDwbjNrmAE+EIC

Score

10^/10

Family

discordrat

Attributes

discord_token
MTI1NDQzOTMwMjU1MzkyNzc2MQ.G0gbWG.p0dvgGvhzUkkjFPeMGPUIjn6cnvAGT0-eTUVi4
server_id
539143760898949148

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4132	Client-built.exe

C:\Users\Admin\AppData\Local\Temp\Client-built.exe
"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4132

memory/4132-1-0x00007FFA94B33000-0x00007FFA94B35000-memory.dmp

Filesize
8KB

Download
memory/4132-0-0x0000022C1F000000-0x0000022C1F018000-memory.dmp

Filesize
96KB

Download
memory/4132-2-0x0000022C39620000-0x0000022C397E2000-memory.dmp

Filesize
1.8MB

Download
memory/4132-3-0x00007FFA94B30000-0x00007FFA955F1000-memory.dmp

Filesize
10.8MB

Download
memory/4132-4-0x00007FFA94B30000-0x00007FFA955F1000-memory.dmp

Filesize
10.8MB

Download