discordrat | 998be75a886cb45442cd31c27a72558459540f05d588961a67515ca98049f4d2

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
01-07-2024 01:35

Target

3452a8da597975fc6a00c06c5106f009.exe
Size

78KB
MD5

3452a8da597975fc6a00c06c5106f009
SHA1

4e5118042d641d12c0f6fc42a6eaeb86aed43fb6
SHA256

998be75a886cb45442cd31c27a72558459540f05d588961a67515ca98049f4d2
SHA512

b3e0f6d7ad90c4e60389594a35e7592bd651d544f68fc0f232c671d6da70f219176113ff031608a8c49e9c897898aaa9ccb485d1ba1f97180adfe44f0fbb41ba
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+jPIC:5Zv5PDwbjNrmAE+7IC

Score

10^/10

Family

discordrat

Attributes

discord_token
MTI1NjY2NjMwMTQ4NTU1MTY5OA.GJPfoK.e4hSv7hek2RkFivU556o2-E78FxjuV2jTYvdLk
server_id
1256574491014725675

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2288 wrote to memory of 3040	2288	3452a8da597975fc6a00c06c5106f009.exe	28
PID 2288 wrote to memory of 3040	2288	3452a8da597975fc6a00c06c5106f009.exe	28
PID 2288 wrote to memory of 3040	2288	3452a8da597975fc6a00c06c5106f009.exe	28

C:\Users\Admin\AppData\Local\Temp\3452a8da597975fc6a00c06c5106f009.exe
"C:\Users\Admin\AppData\Local\Temp\3452a8da597975fc6a00c06c5106f009.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2288
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2288 -s 596
  2⤵
  PID:3040

memory/2288-0-0x000007FEF56D3000-0x000007FEF56D4000-memory.dmp

Filesize
4KB

Download
memory/2288-1-0x000000013FD40000-0x000000013FD58000-memory.dmp

Filesize
96KB

Download
memory/2288-2-0x000007FEF56D0000-0x000007FEF60BC000-memory.dmp

Filesize
9.9MB

Download
memory/2288-3-0x000007FEF56D3000-0x000007FEF56D4000-memory.dmp

Filesize
4KB

Download
memory/2288-4-0x000007FEF56D0000-0x000007FEF60BC000-memory.dmp

Filesize
9.9MB

Download