Analysis
max time kernel: 122s
max time network: 122s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 30-06-2024 14:13
Behavioral task
behavioral1
Sample
backdoor.exe
Resource
win7-20240508-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
backdoor.exe
Resource
win10v2004-20240508-en
2 signatures
150 seconds
General
Target: backdoor.exe
Size: 78KB
MD5: 4acb8a72e208374ffcb845ff287231d8
SHA1: 51b078a626f7013eac29f4731f3ca48087fda5ed
SHA256: 51cf3e36a04183bc40cb0c934c4323e8378113c25e60debe7cfa34e964214e1e
SHA512: 928cc8c8dcf687f47cccdce951637a55929a817fa03547747459df293b46b8496b25b5d548628d9b3b5e8671a1d075b83b4b8b42417b4a90113c1ffd441de88d
SSDEEP: 1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+lPIC:5Zv5PDwbjNrmAE+1IC
Score: 10/10
Malware Config
Extracted
Family: discordrat
Attributes
discord_token: MTI1Njg4MzE3NzgyMjM1NTQ5Ng.GYuUPW.yZl7nGjcYNgqFBMj9gzZyn9Lsm1XVtBAVvay6Q
server_id: 1256880554956296272
Signatures
Discord RAT
A RAT written in C# using Discord as a C2.
Suspicious use of WriteProcessMemory (3 IoCs)
Processes (backdoor.exe):
description | pid | process | target process
PID 1276 wrote to memory of 2072 | 1276 | backdoor.exe | WerFault.exe
PID 1276 wrote to memory of 2072 | 1276 | backdoor.exe | WerFault.exe
PID 1276 wrote to memory of 2072 | 1276 | backdoor.exe | WerFault.exe
Downloads
memory/1276-0-0x000007FEF5623000-0x000007FEF5624000-memory.dmp (Filesize 4KB)
memory/1276-1-0x000000013F9F0000-0x000000013FA08000-memory.dmp (Filesize 96KB)
memory/1276-2-0x000007FEF5620000-0x000007FEF600C000-memory.dmp (Filesize 9.9MB)
memory/1276-3-0x000007FEF5620000-0x000007FEF600C000-memory.dmp (Filesize 9.9MB)