discordrat | 379449b8c2d0053cea2aa786cf2ad6e3cd61e67793ac5b68be77358360b0ce42

Analysis

max time kernel
116s
max time network
111s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25-06-2024 23:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ocean.exe
Size

78KB
MD5

5b4483e4d0d5d3c245509d44f6ede105
SHA1

7f55b3ff41fa5a810e44d74b79f5bf3953882707
SHA256

379449b8c2d0053cea2aa786cf2ad6e3cd61e67793ac5b68be77358360b0ce42
SHA512

14066a18f5439efc767cecd347b658679ba39fc7135bcbe6f3c731ceb38ce614788015391df1ed2fcdda9233d2a655156126d298e94d7479ccfb99028fb2012a
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+vPIC:5Zv5PDwbjNrmAE+XIC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTIwNDEwODc0MjM5Njg3MDczNw.Gw9Kyr.z1zBnV1wCUwvnB-hn8vkxiW22uEX8O5oY4F9Qk
server_id
1204106853043273729

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

ocean.exe

description pid process

Token: SeDebugPrivilege 3172 ocean.exe

description	pid	process
Token: SeDebugPrivilege	3172	ocean.exe

C:\Users\Admin\AppData\Local\Temp\ocean.exe
"C:\Users\Admin\AppData\Local\Temp\ocean.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3172

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3084

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Downloads\AssertRepair.temp
Filesize
663KB

MD5
1f1e6d4417e612066e344fb162929b69

SHA1
2ed36c00654ce31faca2c34210bd92023238aa2a

SHA256
c641abfedb6622f4b6083e15881d145cad8ddf0bc8749e1fc00951c357b147fc

SHA512
f28c4f678cb163e6b5e391c2cb80cebd91832e4174ff45d259325a0f4782cdc148b0661729ed16843691b456ab955c35052775964bac7806757e160b1410359d

Download Submit
C:\Users\Admin\Downloads\CheckpointPop.odt
Filesize
355KB

MD5
b5a594374afaeea922948a24687a7f1a

SHA1
e1006083b677ef5066c11c376c0d93f8df71cb13

SHA256
8f51589fdd62f678b78c3d17089db8e59d493834fa744b636bf3b4b119dd092a

SHA512
cf4aca5b5eefe52910bf1ac70cf2c4aed4166fb09505492b28cf5340d532ea643f4f326e105c6077db2ce0462ad5ab643080a8c8d322ba69bfa2076b7f3ea23a

Download Submit
C:\Users\Admin\Downloads\CompressReset.aiff
Filesize
836KB

MD5
7c07c3c0ddca11e4c9c591cd2aa5f2f8

SHA1
dd271bfaaa139b0d213cae060ed9d51eb378032e

SHA256
5e02821f0723b14311dc186a2e381b265ae056a14add74be141edfac8788b50e

SHA512
5e4e77c5d3093e5c3fdc40988f389ff283443d8e6f1555e49101761d63a63df6e0a021e197d6f19bf10cef96804c07c530b06fb51e78a1ba11b6f091a7bcc140

Download Submit
C:\Users\Admin\Downloads\ConfirmRedo.jpeg
Filesize
855KB

MD5
9cf1e0d767c4d7d58a75ffb85ce67929

SHA1
1ef369b1ebf0d7597deffcdd81caf8593424bb09

SHA256
8ffd939a1ab738189c22461da953cbbe060f068a04b4394c98bfab4783974655

SHA512
17b96f97029a502a37defdeae60c5fc36661f96498548d8faedef3102af77c34833dd9e83c2322e43331a3cac3496fad044acccab3ab200cf947fb0a86165b36

Download Submit
C:\Users\Admin\Downloads\ConnectConfirm.bat
Filesize
970KB

MD5
b458df6696f67f39a859a80df07f16fd

SHA1
ac9ae3007f965e8449239d82be5acf8e0449e355

SHA256
18e8f8c78e623f25389ac79f193466fbe9c7b6d4f9cfa378901d2a8013fd6fc3

SHA512
86c189ace45f38ace71922640e45d496957e83dc9de7eb4fc4b20489d679933bad096580e678b4792394dcbac15f46c6933e1b75711a7987f894622442180503

Download Submit
C:\Users\Admin\Downloads\ConvertGrant.mid
Filesize
682KB

MD5
a0d7473fd4b872229af3da75d35f7393

SHA1
76bebe603b56f2a383a18ec46ae99517780b2229

SHA256
bc991cb20f6559c8c392c0e3b677e193e2d6f13c427d74415457c5623a8ad972

SHA512
83b4afd89d639857d8602c96f9dd779e264179203e8f3c010761930b2fbf84adf3734b1ed5e15dd2ef04d138e99f1ef1729dd68241f49535deab5487b7669fa3

Download Submit
C:\Users\Admin\Downloads\DisableUnlock.search-ms
Filesize
874KB

MD5
a2567f68204691012d47f919eca7231b

SHA1
008317a8b1f222121d1869bb400ce9873a2dafb1

SHA256
92c890bf7cc6d85befafcf5764e8c3afab159bee4ad7372ba3e235e7ea56221c

SHA512
b5c3a34d0e0c0c99956b36594fe8f63c0feb2efd76c54dbc74df2b14224d7b32e3be446fb7d97bf06ea4e5875b92320f4637fed16d239b7aa6442d9cc6834fd1

Download Submit
C:\Users\Admin\Downloads\EditShow.vdx
Filesize
432KB

MD5
e7a07970fd2a03d56913841fb93d72b2

SHA1
2acbe00eb61bb039d466ab72435d41f1ec35cf94

SHA256
ff6479615198abff76de95ee955e7dc753bed5f73a5e80b88e08d1d78f6deef9

SHA512
7882dc20e3c18f46dc91097cc2260be7b292fcfb4c5cbd5242810c3c763b67e17ce6d03ee8d1d9505be470383a9dfe77653d7587b1ed33b28df4095fa46d1d0f

Download Submit
C:\Users\Admin\Downloads\EnterExport.doc
Filesize
394KB

MD5
9b425aead2bc76fe7873d2b1ca6c27c9

SHA1
85a3a2df816a725796fa9880e94e324877506457

SHA256
709aa738a9ac92f7375ec195bef0f894b5532d82677bc3adf15fd2d3705d2b36

SHA512
d973f59eb6bc6128311242dd0b64e743ff02ae0fe2850d0674ea7a3b25a54f8662d390ed98c5500760aea6aee7cf9816bdb5c04b924447bf71debc4f27f19e7c

Download Submit
C:\Users\Admin\Downloads\EnterRegister.aiff
Filesize
778KB

MD5
a9c6b6cc1558e83169a076f10d3fb23c

SHA1
9120e25106b9387e32cc70da274f91369a1ef410

SHA256
90486abddd3fcfe73a7e369328a6a651cad6ef8eb2cf080c41ce4a5977818bc0

SHA512
a783a62f24008f3423522dce4d622a78f7f5c374cc4808d24dac07b6068667b94a062782253c1ffd01abb2cc9327bfcc33877daa8416fdc724f97934556f165a

Download Submit
C:\Users\Admin\Downloads\ExpandDeny.ico
Filesize
490KB

MD5
2a8fc76f07b8a379233abf955f3e6395

SHA1
285b34d91eb36b1775df0fe371d68117b506e352

SHA256
89a09cd2c40fed9e5df0a08f7fe798afbee43fa0ba720a356e16a27245b64ff5

SHA512
26fccc66b29d01b61f9e659c5d598eb44fddc05d9c48be8de583bb6bf02360274744fb1e00bfe40d8ef20ec25f11c0a1890451efdc9e29a5ece2582622868e01

Download Submit
C:\Users\Admin\Downloads\FindConvertFrom.ogg
Filesize
528KB

MD5
baec6f0c830c353ba87efcd734106b6f

SHA1
365181da5be776a577a725adf82a4f7073c19c93

SHA256
77a84bce1cce1a0dcc22671a98f775e73cf5e687b056f17acc1673ebacc464cc

SHA512
2e5cf170984509d1bc47e36ad444add8806353a315a403e5021cb43ab45cfd534181b33c94fae50b850330444319e1a8e3bfdd1012cd0c2539afc748fcdfa0e6

Download Submit
C:\Users\Admin\Downloads\GrantConvertFrom.jpg
Filesize
951KB

MD5
b662e2178699fa20f4b62960dd32d7b5

SHA1
16dfd9e0abf20c0281f86bdbb111b3b1a914e6b5

SHA256
8f82650d5719837c64b49df4e35cd8458010a3a56c41a289c34aa3efc86e13e7

SHA512
6c4881a416a6e40ebf8eb744497e88ea88ca790381f2a10142c3693d2f34efbea17b22cd5037992e4f4736b186005f8261c3263e619be0acfef64219256a0a81

Download Submit
C:\Users\Admin\Downloads\NewLimit.mp4
Filesize
374KB

MD5
52ef658cdc29b769a6ecba56705b0e4a

SHA1
f6311035190e3d02784906ecac169f0de583964f

SHA256
a4b138388f0702933f84a8b3896588dc1474cf96ad08095cbdd937c70c97726b

SHA512
70c9ee475f4352dd5c9f72ccbd7c875d5fafa8b63ceac35b0ff0c9a1fc59c08969c85c9c4affc49405525371fc3a3639d8f92f394c25207f8e51b4628be79926

Download Submit
C:\Users\Admin\Downloads\PingRevoke.xht
Filesize
797KB

MD5
cc0c382cf1ff1d42555ad683a6043235

SHA1
7e76183680cf6e185f510ceba9ddac4fddf31f7f

SHA256
af53470cde7c5b2fddc1745975f748640fe0905359c8275bf955ca03dd3b5d15

SHA512
f9044524824fd30a474552916b100fe3d1c29fa7594bf780da22808f575a4c2c41aa9061a3d7af070a0dfd63b7c754322707e76a83e03a8444bb578185383b44

Download Submit
C:\Users\Admin\Downloads\ReadInstall.rm
Filesize
817KB

MD5
270d9304662e5823227e1c6080e66f7c

SHA1
e3d44d0d9f58b971fcfd48de5fd5d4f57ca1ca70

SHA256
70094080f8e4aed398f3728147bf02f47ad4b862ef04dd10ea05927b4ef0e816

SHA512
ba2beb8b20126ba77cabc8895470999aeb7467a624a759d16da6de16fe1a5512379fb11e70a63af2d7ec6f6eb4591e1d44f29cd70d80d8330df22c46fb3f6a84

Download Submit
C:\Users\Admin\Downloads\ReadUndo.iso
Filesize
701KB

MD5
f1b25a4c36f773982dfc095b254f5a80

SHA1
cfea74bf69a01eee2a18616472c288c200860344

SHA256
d526c6ce2d6ca2211d4f881e6b751d5fd95e236db2f3db1a77cb411370a130a9

SHA512
6279cf6ed4fa82ce9775aada7a94a1349c3b0b883396220d4aac3866d240d9c3a5360995f3df7a685944aedd23f458e4e059ca6179120642dfee10a24279cd94

Download Submit
C:\Users\Admin\Downloads\ResizeSend.temp
Filesize
509KB

MD5
0e5405312bfa935a083d2f1a67d0be7b

SHA1
50a1a991b64c457da1e41f7c7e033d1209818b52

SHA256
1fce0f414c3356003955eef52dcaaaab9479eeca29a3db220f2e43c876b3d0e7

SHA512
a315fb505d5a7b929a083a81afbf0b7d96d2b2f3cb4301903ba85e173800adcce3210d31552043a51d77aa1bffa6bf0db6df80596c871ae704da12e5457041e9

Download Submit
C:\Users\Admin\Downloads\ResumeResize.ogg
Filesize
624KB

MD5
5f1ae77c7710bfe813fd193c24ba487b

SHA1
53e5bcc1024c0885a5c77ab0ad12b21aee3246df

SHA256
f3fb95aced9247f157fb7054762dc1b4f74e3c24ac6afed6b431fc9c2211e48e

SHA512
e43378640c66b3adf46719559f075f18521251ae8b40f8ded8b89d4422bb943f06bb9bf929a22d31836d13ebaf8f696c76b37213f66dc31a86aa649be551abf4

Download Submit
C:\Users\Admin\Downloads\SaveExpand.rar
Filesize
413KB

MD5
2d415d1d5b0e7fcb4bfdf0ac10f7427c

SHA1
1f8f2cab0149fbc5e69909e864cff6a14d5d2bb3

SHA256
04a41e61049f933f7772164c7b67f381188abd46133a4d4f1f1dc860353acd0b

SHA512
2a88092dc1272a5cd4b41b3123674f32510d653ce51eed86ec0bd8d82b6315b9e40f0f2d18a54320d59fd6b291fe43c3f3e1365e708def4e10330de48cd85117

Download Submit
C:\Users\Admin\Downloads\SelectStop.tiff
Filesize
586KB

MD5
2f1af528767ec7ec49f75eade80d6f45

SHA1
81401d8d22639290a4725534674ccafe1d27c398

SHA256
a2cc8d2a0b33f1bd0786bb11a6984236ec5f4a0169260110b1efec2ae66d42f2

SHA512
1b7b76a4b4a84b40fa461d5691d56c001a70ded96f487c4e2bb03e0bfe062d74345fcad365f1b12daa5402a99cc45e6c42cde03551222a89829ac20495acf31d

Download Submit
C:\Users\Admin\Downloads\SelectUnpublish.mp4v
Filesize
759KB

MD5
4a80baa27548f74df7c63e6ab5d76840

SHA1
076e7be4c27c3c24529fc4ec268b55deccfc6ad7

SHA256
f859efb0a4c48130826aa7ebf26b9305130b7d3ca0f9c51354e8735ea0ed51e2

SHA512
98c348023d97ba26bda5baa3ec468dd8f3dfa6e4069a50aca37cda46647748016fb1063f444ad11b2dc3d43dbb1b2dc83fd33c4cdaf404b1f53d1510a97bc198

Download Submit
C:\Users\Admin\Downloads\SendMeasure.bmp
Filesize
605KB

MD5
d1fba50411e211181b0ee8ae9ce0f301

SHA1
cf6d0cfe7592c6963f65191fb1569926eba7bc8a

SHA256
0d5b4f04dc6d15a7226c1b454a863905f1e71d7046a49362e4e940c3a83637ca

SHA512
f2af5e3b18a96a54dea69e6261646d2b11968d53d67778e4d79fb8dd53f6f377f937815c2622a01781ca31f3777da987c1239dc5a57e5f2de333f07ef32cab27

Download Submit
C:\Users\Admin\Downloads\SkipLimit.mht
Filesize
720KB

MD5
6fc28cf2590fd477f6d643b0eb9deca6

SHA1
4152b84dd7996fb823b7978073b4af44dadeb765

SHA256
3f0a1a2b0dde922fa2b30881f199d62878e0605528bff0ca0033c2b60c270053

SHA512
61e6dea5ac76bdc941765418fc58b403d3f7ec0855e8d1f1ae85307576deda2b6481f9db2b587e8bd759b71d420246121a0278c21070585437660ef6e9c02c34

Download Submit
C:\Users\Admin\Downloads\SuspendEnter.xml
Filesize
567KB

MD5
8e75c3bf50175de86422c4d832497985

SHA1
0c07df3e9ded57568c0454aa56226c0dd36229a3

SHA256
574c6a670a4c6272db202c0c3377b062133b93cb53d702c3e20a0871ad0b44d7

SHA512
1a7a679af5170dfde46ee40dda6d6700104966837094c3f31abd765fc857c45432882d00a3078b8d411ff1b2ccf346bef8e3250ec3cefd460273facd907b1a0e

Download Submit
C:\Users\Admin\Downloads\SwitchRename.midi
Filesize
932KB

MD5
de620c8ca7d32c2cb2745b18cac185cb

SHA1
5f6a31e0ed50c68763bb2176db5a854ce5bdf9b4

SHA256
a95b9e510c8be3a2e37c715c6b37c725992a16509708d904f829fe57669dd079

SHA512
c21e26e2a313c0693893a4a410ed39539daccce6b4f5e8c7c53fe0a429a0c0fbe1da78d6cf6adb6456392f4d83b4a3deaa497350520ff7e41265ab1d7c972e41

Download Submit
C:\Users\Admin\Downloads\SyncGroup.cr2
Filesize
1.3MB

MD5
f3ed9c3b6859f1a54522687756b4dfaa

SHA1
c191fe27a096a5ee2982860dd101390e395956eb

SHA256
5aad0ffa8fc342a380f6f2560e6e8eef70b0c39f34c06d1e8513d5d2695bf719

SHA512
13dd79970bfb7594460dd9718cce782061287309cee5e8673501572243776e936e3311575b0231b6d580076417546975ed947a013616c40d80fa41c276b305fa

Download Submit
C:\Users\Admin\Downloads\UnlockRegister.ppsm
Filesize
740KB

MD5
ec7bb81f2bd8940fb484764269669d53

SHA1
2f04c0ad7f77d6240430a3b2ea5e1fc1187b89b0

SHA256
6328ed811a615c9f9eb28d43c92f40b004be23f1ec0ed3b9c9355b7f785b16ea

SHA512
8133f9f7b7cb1a7ac8fcd2f2b0d473fe0da6b2ffe275e8eee3b253ede5a02c1cbd131b9564eec0fd106c0f3c24dade4d1498e1d713574b7c09ca735508d27ad0

Download Submit
C:\Users\Admin\Downloads\UnpublishOpen.wmf
Filesize
336KB

MD5
b540a8f54a6b20244dacf87fbe54c4af

SHA1
4de447f3a01efe8e48d04356b33216db3ed7e6ab

SHA256
9900f37f6b0de5532c9efd4be5dc371f1c190668cda6ec7f22b6550168d4dbc7

SHA512
4b8132dcfa74aa59a2b83b220f8a3fd15bb57c5bd0dc6fad1caa9d315545726f793ffc852f6676059c2cf415e82be7f3aa4780b2020ae9a1cfac94833fb76501

Download Submit
C:\Users\Admin\Downloads\UpdateBackup.i64
Filesize
913KB

MD5
457d3d3f954191c8d347867ff1c7e2fb

SHA1
0e0aafa14d262a243ddd80c3a9240b266e9833a9

SHA256
9602409788fadb1effe2c1c973c10e9ca2d5b371d6ef7c4d29e6884e4800c11c

SHA512
530a3b1697be6bab8faacaf8b8ffc8ab2e7fb5584af673524c97fe60c19d62a8ed286f35973c39e0b01e85c80138b80eda29bb7f460ee4f004df62ed6eccd4f7

Download Submit
C:\Users\Admin\Downloads\UsePush.mov
Filesize
471KB

MD5
927ce05a07a89650241e0616b9ed108b

SHA1
4a3eb93b92d7cc3a3a0ef5a6cdab93ab30428f77

SHA256
6d56ca30374e5156cbd76a5bfe595051e4375bec3fbdc5380c6a8ebea744f6e7

SHA512
a1fc932e3b53623aa1750b00cb0447dde6d90d6eced462737ad5d7adb23caf9a767173c0ab35fe746e310d13f16ccf08bc31ffecbde317a9c84edc3ad5825c7f

Download Submit
C:\Users\Admin\Downloads\UseWait.pdf
Filesize
894KB

MD5
2f7dcaece67efa1edeb799526f1451b9

SHA1
8ea48bb44b1158372994ae88b1d96c1d36474c9f

SHA256
956178ec4f641a08bf6a6f0302bf9e1121cf17698933100fbe79a2299c0e1f33

SHA512
47295dcfe6ecef036d7947b18231e6af3b1eb19be92344b9315aca45efe42c6d9ea11a8f14f1c61c38644fd1ab9a85750cedd150e48f2949914be768bcba177e

Download Submit
C:\Users\Admin\Downloads\WaitWrite.mp2
Filesize
547KB

MD5
6e0203fa80045edc66f48d3be8b2beaf

SHA1
09635f92bfac0f0d5ccf25aa142cc8f65d440cc5

SHA256
81828934fc8f5ee5a67bda13cda53dfc0fcea0be6121f8dfd99f22fd6dabceb1

SHA512
f14f7857089f179582ffe99be0c956c4361a6574a3a962178bea762c33bbf55e97de622dcc34df18e0aa7023ec4bf6996ef95653e9ed206dcace1659e1924be1

Download Submit
C:\Users\Admin\Downloads\WatchStep.au
Filesize
451KB

MD5
8f91f76ef6ba2825661289eebd902759

SHA1
37f4fc9577598c4bd478ae6043d62152ea0580c6

SHA256
8ec6d086dbcf03d740f98e97e505c3858a1266c1deb5d1298a23fb6593721df9

SHA512
5096cfd384e7e9410a08d9115d1639e6cc9f78c8d01b43a8bad520119404ff1e526d13b75bff50941afda62f7353d871ee6bbde39afce9aace4f53a377a8fb5c

Download Submit
C:\Users\Admin\Downloads\WriteUse.7z
Filesize
644KB

MD5
f576193c727c9d1f92d0d33e216d7d9d

SHA1
f273758d3b879297ee92270d1cfc67cda192f430

SHA256
484f1db4b689409d74011720ee7d35dc79887765e4f7e1a0c4c61d89e59a6b40

SHA512
920cd618e24909abbce27c72e61b71ed1fcba8a95b7887988603fd916989b56e245b196c4f2c183be11643995bafa315e5d9d9990f6100092c112628e27219b1

Download Submit
memory/3172-0-0x00007FFFF3A33000-0x00007FFFF3A35000-memory.dmp

Filesize
8KB

Download
memory/3172-3-0x00007FFFF3A30000-0x00007FFFF44F1000-memory.dmp

Filesize
10.8MB

Download
memory/3172-4-0x000002567BC90000-0x000002567C1B8000-memory.dmp

Filesize
5.2MB

Download
memory/3172-5-0x00007FFFF3A33000-0x00007FFFF3A35000-memory.dmp

Filesize
8KB

Download
memory/3172-2-0x000002567B450000-0x000002567B612000-memory.dmp

Filesize
1.8MB

Download
memory/3172-6-0x00007FFFF3A30000-0x00007FFFF44F1000-memory.dmp

Filesize
10.8MB

Download
memory/3172-1-0x0000025660D30000-0x0000025660D48000-memory.dmp

Filesize
96KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads