discordrat | 9d75cc219fc049368f2dcd1a0e2b6d770c5c00e25e9fcaa43cbffb64beec2f4f | Triage

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
28-06-2024 18:30

Sharing

Report Analysis Logs

General

Target

Client-built.exe
Size

78KB
MD5

9f8192bca777a039d99372a530cdb635
SHA1

a2556acb2ef8989c7d1b07d1744a0b5fd7f58a68
SHA256

9d75cc219fc049368f2dcd1a0e2b6d770c5c00e25e9fcaa43cbffb64beec2f4f
SHA512

9e32db23374ac09ef4833fd1b5e603c294842dc380daca3aa6f2cf27d5be9df081634c589b97f7850c7eadbf672bf3ad5a2f580b6dbb570a68f7280524de3f81
SSDEEP

1536:F2WjO8XeEXFd5P7v88wbjNrfxCXhRoKV6+V+4PIC:FZz5PDwbjNrmAE+cIC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
OTg4NTc4MzE5NDUwNjU2ODA4.GJB_CK.pGGNRyaGaQAGmQrFjvmnUeTW-IdHcYf2pAyEXQ
server_id
1163956714090016808

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2116 wrote to memory of 1968	2116	Client-built.exe	28
PID 2116 wrote to memory of 1968	2116	Client-built.exe	28
PID 2116 wrote to memory of 1968	2116	Client-built.exe	28

C:\Users\Admin\AppData\Local\Temp\Client-built.exe
"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2116
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2116 -s 596
  2⤵
  PID:1968

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2116-0-0x000007FEF5103000-0x000007FEF5104000-memory.dmp

Filesize
4KB

Download
memory/2116-1-0x000000013FCA0000-0x000000013FCB8000-memory.dmp

Filesize
96KB

Download
memory/2116-2-0x000007FEF5100000-0x000007FEF5AEC000-memory.dmp

Filesize
9.9MB

Download
memory/2116-3-0x000007FEF5103000-0x000007FEF5104000-memory.dmp

Filesize
4KB

Download