Analysis

  • max time kernel
    51s
  • max time network
    51s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    23-06-2024 14:16

General

  • Target

    Client-built.exe

  • Size

    78KB

  • MD5

    f42bdf8f20e5255f795c8674660b1726

  • SHA1

    33f091151b0c8fd79a54147745cf31a73fdc5b09

  • SHA256

    29c656fea6ff37a604471ab0ad639c84ee126068e0d35ec08ad4b7d6e10800df

  • SHA512

    348a29e0e4fbd64ac039987d5368e949c033a45ae51165f3f50d1d8189c3b5955d9ccb4fff40427f12771b4584dadc6aa7244e9241a5a76e1584f2442d8b43a2

  • SSDEEP

    1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+gPIC:5Zv5PDwbjNrmAE+EIC

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTI1NDQzOTMwMjU1MzkyNzc2MQ.G0gbWG.p0dvgGvhzUkkjFPeMGPUIjn6cnvAGT0-eTUVi4

  • server_id

    539143760898949148

Signatures

  • Discord RAT

    A RAT written in C# using Discord as a C2.

  • Suspicious use of AdjustPrivilegeToken (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\Client-built.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
    Process tree depth: 1
    • Suspicious use of AdjustPrivilegeToken
    PID: 4132

Network

MITRE ATT&CK Matrix

Downloads

  • memory/4132-1-0x00007FFA94B33000-0x00007FFA94B35000-memory.dmp
    Filesize

    8KB

  • memory/4132-0-0x0000022C1F000000-0x0000022C1F018000-memory.dmp
    Filesize

    96KB

  • memory/4132-2-0x0000022C39620000-0x0000022C397E2000-memory.dmp
    Filesize

    1.8MB

  • memory/4132-3-0x00007FFA94B30000-0x00007FFA955F1000-memory.dmp
    Filesize

    10.8MB

  • memory/4132-4-0x00007FFA94B30000-0x00007FFA955F1000-memory.dmp
    Filesize

    10.8MB