discordrat | 51cf3e36a04183bc40cb0c934c4323e8378113c25e60debe7cfa34e964214e1e | Triage

Analysis

max time kernel
122s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
30-06-2024 14:13

Sharing

Report Analysis Logs

General

Target

backdoor.exe
Size

78KB
MD5

4acb8a72e208374ffcb845ff287231d8
SHA1

51b078a626f7013eac29f4731f3ca48087fda5ed
SHA256

51cf3e36a04183bc40cb0c934c4323e8378113c25e60debe7cfa34e964214e1e
SHA512

928cc8c8dcf687f47cccdce951637a55929a817fa03547747459df293b46b8496b25b5d548628d9b3b5e8671a1d075b83b4b8b42417b4a90113c1ffd441de88d
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+lPIC:5Zv5PDwbjNrmAE+1IC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI1Njg4MzE3NzgyMjM1NTQ5Ng.GYuUPW.yZl7nGjcYNgqFBMj9gzZyn9Lsm1XVtBAVvay6Q
server_id
1256880554956296272

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

backdoor.exe

description	pid	process	target process
PID 1276 wrote to memory of 2072	1276	backdoor.exe	WerFault.exe
PID 1276 wrote to memory of 2072	1276	backdoor.exe	WerFault.exe
PID 1276 wrote to memory of 2072	1276	backdoor.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\backdoor.exe
"C:\Users\Admin\AppData\Local\Temp\backdoor.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1276

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1276 -s 596
2⤵
PID:2072

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1276-0-0x000007FEF5623000-0x000007FEF5624000-memory.dmp

Filesize
4KB

Download
memory/1276-1-0x000000013F9F0000-0x000000013FA08000-memory.dmp

Filesize
96KB

Download
memory/1276-2-0x000007FEF5620000-0x000007FEF600C000-memory.dmp

Filesize
9.9MB

Download
memory/1276-3-0x000007FEF5620000-0x000007FEF600C000-memory.dmp

Filesize
9.9MB

Download