discordrat | 57eed574304d4cfbcc88500b5182c4860d41d304981fb4998ed86d07988a2ca0 | Triage

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
30-06-2024 16:02

Sharing

Report Analysis Logs

General

Target

Easy Installer.exe
Size

78KB
MD5

47eea4e5c2e7a5c324bdbe8dbd92f767
SHA1

0ef6fc9907bfde40c891ac4fb2b6edb7a1309666
SHA256

57eed574304d4cfbcc88500b5182c4860d41d304981fb4998ed86d07988a2ca0
SHA512

28b656ca6eb05da8485851812ab9e4ccc88f2fca2c7824584ffcee3387cc521fc5bf41251c76db45a9a2228ec0d63da9d194bd7af515610d0df54e28c77128df
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+SLPIC:5Zv5PDwbjNrmAE+CIC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI1Njg3NTU2Mjg4MzA4ODQ2NQ.Gfaomm.Q8t_H-8TPNfmYeYs7TNEUk7uofM9ZANkiepzfY
server_id
1256875331898577006

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

Easy Installer.exe

description	pid	process	target process
PID 2068 wrote to memory of 1656	2068	Easy Installer.exe	WerFault.exe
PID 2068 wrote to memory of 1656	2068	Easy Installer.exe	WerFault.exe
PID 2068 wrote to memory of 1656	2068	Easy Installer.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\Easy Installer.exe
"C:\Users\Admin\AppData\Local\Temp\Easy Installer.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2068

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2068 -s 596
2⤵
PID:1656

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2068-0-0x000007FEF5703000-0x000007FEF5704000-memory.dmp

Filesize
4KB

Download
memory/2068-1-0x000000013F9B0000-0x000000013F9C8000-memory.dmp

Filesize
96KB

Download
memory/2068-2-0x000007FEF5700000-0x000007FEF60EC000-memory.dmp

Filesize
9.9MB

Download
memory/2068-3-0x000007FEF5700000-0x000007FEF60EC000-memory.dmp

Filesize
9.9MB

Download