Analysis

  • max time kernel
    146s
  • max time network
    150s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240508-en
  • resource tags

    arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    24-06-2024 14:55

General

  • Target

    bdeb1c21b2eb3126d5376a15e2438821_EXE_leonel1022 backdoor.exe

  • Size

    78KB

  • MD5

    bdeb1c21b2eb3126d5376a15e2438821

  • SHA1

    7ee99a827ee71a6dc54d5e1adc1ee650f624bcab

  • SHA256

    35f586efd9b4582468ddeb877a576ae97737b7976e6f6622a2959053d35edc91

  • SHA512

    4dc3bffa35c9ae3b244f83a18b6043c9c2c6dd3b74e426bfd989662d71ca5ea1ad45839b24d9366fd390172b9bf34fce6552a866038b182b88fd2ccab888fdb8

  • SSDEEP

    1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+2PIC:5Zv5PDwbjNrmAE+yIC

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTI0MjgyODA0NTYzMTQ5MjE0Nw.GaK9_b.DkeSn-Pej4eo5IcrUmOmowhbH0dXKH8vZX3FZ4

  • server_id

    1242477718638170204

Signatures

  • Discord RAT

    A RAT written in C# using Discord as a C2.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bdeb1c21b2eb3126d5376a15e2438821_EXE_leonel1022 backdoor.exe
    "C:\Users\Admin\AppData\Local\Temp\bdeb1c21b2eb3126d5376a15e2438821_EXE_leonel1022 backdoor.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4824

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4824-1-0x00007FFCE2233000-0x00007FFCE2235000-memory.dmp

    Filesize

    8KB

  • memory/4824-0-0x000001193B0B0000-0x000001193B0C8000-memory.dmp

    Filesize

    96KB

  • memory/4824-2-0x0000011955700000-0x00000119558C2000-memory.dmp

    Filesize

    1.8MB

  • memory/4824-3-0x00007FFCE2230000-0x00007FFCE2CF2000-memory.dmp

    Filesize

    10.8MB

  • memory/4824-4-0x00007FFCE2230000-0x00007FFCE2CF2000-memory.dmp

    Filesize

    10.8MB