discordrat | ab65e67c571c618dec96e67b90c2fc1f23cc14d890a47097af24d9cac3a0d033

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
30-06-2024 18:18

Target

Microsoft Teams.exe
Size

78KB
MD5

63e862de6af5361db7e5a02cc0cda36b
SHA1

6608a2831a6fc48bc0df5a90fc09898ce8cae57a
SHA256

ab65e67c571c618dec96e67b90c2fc1f23cc14d890a47097af24d9cac3a0d033
SHA512

7cb2fdf29c77a1441ceedfa065b7b3573a149d39aebd58aa0c1fd08f4e1a25a65b9c830bf71b29e42b10add52f4e91e7657291a8fd09c182a28d606ebf20196f
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+ZPIC:5Zv5PDwbjNrmAE+pIC

Score

10^/10

Family

discordrat

Attributes

discord_token
MTIyNjA4MTg3MzUwMDA0OTQwOA.GH2uyJ._HNe7GUeOVG-0ZK1ROMpF__BHGM43d6YVff2Fk
server_id
1127634661301026827

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

Microsoft Teams.exe

description	pid	process	target process
PID 2248 wrote to memory of 2156	2248	Microsoft Teams.exe	WerFault.exe
PID 2248 wrote to memory of 2156	2248	Microsoft Teams.exe	WerFault.exe
PID 2248 wrote to memory of 2156	2248	Microsoft Teams.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\Microsoft Teams.exe
"C:\Users\Admin\AppData\Local\Temp\Microsoft Teams.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2248

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2248 -s 600
2⤵
PID:2156

memory/2248-0-0x000007FEF5363000-0x000007FEF5364000-memory.dmp

Filesize
4KB

Download
memory/2248-1-0x000000013F520000-0x000000013F538000-memory.dmp

Filesize
96KB

Download
memory/2248-2-0x000007FEF5360000-0x000007FEF5D4C000-memory.dmp

Filesize
9.9MB

Download
memory/2248-3-0x000007FEF5363000-0x000007FEF5364000-memory.dmp

Filesize
4KB

Download
memory/2248-4-0x000007FEF5360000-0x000007FEF5D4C000-memory.dmp

Filesize
9.9MB

Download