discordrat | f2fb9c24518a9e85db1c28ab2c47a513c4764c2d55e596395fab7e2031ed973e

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
30-06-2024 02:38

Target

7c61b3180ba4cac4c22f9a1db40be7d7.exe
Size

78KB
MD5

7c61b3180ba4cac4c22f9a1db40be7d7
SHA1

977ca2e82b1371138fe54ae53b254e98641cd5f5
SHA256

f2fb9c24518a9e85db1c28ab2c47a513c4764c2d55e596395fab7e2031ed973e
SHA512

f698bd22bf4f78a0724557f94af769d488ece60cf22df5a8dde5d1ed0c0d879e0eaa3c978b4109163c8835929610c61dc4fa082fb1a4567c74d07bd693b79df7
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+VPIC:5Zv5PDwbjNrmAE+FIC

Score

10^/10

Family

discordrat

Attributes

discord_token
MTI1NjM2MzA4MzE5NTA4OTA1OQ.GGag1Q.GsRKtE4Q53MlpflZVGE7Eyl1pC8pjQcV3hG2Oo
server_id
1020984986041593866

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2944 wrote to memory of 2956	2944	7c61b3180ba4cac4c22f9a1db40be7d7.exe	28
PID 2944 wrote to memory of 2956	2944	7c61b3180ba4cac4c22f9a1db40be7d7.exe	28
PID 2944 wrote to memory of 2956	2944	7c61b3180ba4cac4c22f9a1db40be7d7.exe	28

C:\Users\Admin\AppData\Local\Temp\7c61b3180ba4cac4c22f9a1db40be7d7.exe
"C:\Users\Admin\AppData\Local\Temp\7c61b3180ba4cac4c22f9a1db40be7d7.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2944
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2944 -s 600
  2⤵
  PID:2956

memory/2944-0-0x000007FEF5A63000-0x000007FEF5A64000-memory.dmp

Filesize
4KB

Download
memory/2944-1-0x000000013FC90000-0x000000013FCA8000-memory.dmp

Filesize
96KB

Download
memory/2944-2-0x000007FEF5A60000-0x000007FEF644C000-memory.dmp

Filesize
9.9MB

Download
memory/2944-3-0x000007FEF5A63000-0x000007FEF5A64000-memory.dmp

Filesize
4KB

Download
memory/2944-4-0x000007FEF5A60000-0x000007FEF644C000-memory.dmp

Filesize
9.9MB

Download