Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
-
submitted
29-06-2024 20:25
General
-
Target
RobloxPlayerInstallerCRACKED.exe
-
Size
78KB
-
MD5
3452a8da597975fc6a00c06c5106f009
-
SHA1
4e5118042d641d12c0f6fc42a6eaeb86aed43fb6
-
SHA256
998be75a886cb45442cd31c27a72558459540f05d588961a67515ca98049f4d2
-
SHA512
b3e0f6d7ad90c4e60389594a35e7592bd651d544f68fc0f232c671d6da70f219176113ff031608a8c49e9c897898aaa9ccb485d1ba1f97180adfe44f0fbb41ba
-
SSDEEP
1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+jPIC:5Zv5PDwbjNrmAE+7IC
Score
10/10
Malware Config
Extracted
Family
discordrat
Attributes
-
discord_token
MTI1NjY2NjMwMTQ4NTU1MTY5OA.GJPfoK.e4hSv7hek2RkFivU556o2-E78FxjuV2jTYvdLk
-
server_id
1256574491014725675
Signatures
-
Discord RAT
A RAT written in C# using Discord as a C2.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstallerCRACKED.exe"C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstallerCRACKED.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/3664-0-0x000001B7FD800000-0x000001B7FD818000-memory.dmpFilesize
96KB
-
memory/3664-1-0x00007FF8C28E3000-0x00007FF8C28E5000-memory.dmpFilesize
8KB
-
memory/3664-2-0x000001B800000000-0x000001B8001C2000-memory.dmpFilesize
1.8MB
-
memory/3664-3-0x00007FF8C28E0000-0x00007FF8C33A1000-memory.dmpFilesize
10.8MB
-
memory/3664-4-0x000001B798530000-0x000001B798A58000-memory.dmpFilesize
5.2MB
-
memory/3664-5-0x00007FF8C28E3000-0x00007FF8C28E5000-memory.dmpFilesize
8KB
-
memory/3664-6-0x00007FF8C28E0000-0x00007FF8C33A1000-memory.dmpFilesize
10.8MB