Overview

overview

10

Static

static

10

ocean.exe

windows7-x64

10

ocean.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    122s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    25/06/2024, 23:04 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ocean.exe

  • Size

    78KB

  • MD5

    5b4483e4d0d5d3c245509d44f6ede105

  • SHA1

    7f55b3ff41fa5a810e44d74b79f5bf3953882707

  • SHA256

    379449b8c2d0053cea2aa786cf2ad6e3cd61e67793ac5b68be77358360b0ce42

  • SHA512

    14066a18f5439efc767cecd347b658679ba39fc7135bcbe6f3c731ceb38ce614788015391df1ed2fcdda9233d2a655156126d298e94d7479ccfb99028fb2012a

  • SSDEEP

    1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+vPIC:5Zv5PDwbjNrmAE+XIC

Score
10/10
discordratpersistenceratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTIwNDEwODc0MjM5Njg3MDczNw.Gw9Kyr.z1zBnV1wCUwvnB-hn8vkxiW22uEX8O5oY4F9Qk

  • server_id

    1204106853043273729

Signatures

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ocean.exe
    "C:\Users\Admin\AppData\Local\Temp\ocean.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1252
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 1252 -s 596
      2⤵
        PID:1960

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1252-0-0x000007FEF5693000-0x000007FEF5694000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1252-1-0x000000013F780000-0x000000013F798000-memory.dmp

      Filesize

      96KB

      Download

    • memory/1252-2-0x000007FEF5690000-0x000007FEF607C000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/1252-3-0x000007FEF5690000-0x000007FEF607C000-memory.dmp

      Filesize

      9.9MB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.