discordrat | 998be75a886cb45442cd31c27a72558459540f05d588961a67515ca98049f4d2

Analysis

max time kernel
137s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 01:35

Target

3452a8da597975fc6a00c06c5106f009.exe
Size

78KB
MD5

3452a8da597975fc6a00c06c5106f009
SHA1

4e5118042d641d12c0f6fc42a6eaeb86aed43fb6
SHA256

998be75a886cb45442cd31c27a72558459540f05d588961a67515ca98049f4d2
SHA512

b3e0f6d7ad90c4e60389594a35e7592bd651d544f68fc0f232c671d6da70f219176113ff031608a8c49e9c897898aaa9ccb485d1ba1f97180adfe44f0fbb41ba
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+jPIC:5Zv5PDwbjNrmAE+7IC

Score

10^/10

Family

discordrat

Attributes

discord_token
MTI1NjY2NjMwMTQ4NTU1MTY5OA.GJPfoK.e4hSv7hek2RkFivU556o2-E78FxjuV2jTYvdLk
server_id
1256574491014725675

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4576	3452a8da597975fc6a00c06c5106f009.exe

C:\Users\Admin\AppData\Local\Temp\3452a8da597975fc6a00c06c5106f009.exe
"C:\Users\Admin\AppData\Local\Temp\3452a8da597975fc6a00c06c5106f009.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4576

memory/4576-0-0x000002CE79890000-0x000002CE798A8000-memory.dmp

Filesize
96KB

Download
memory/4576-1-0x00007FFCF9A73000-0x00007FFCF9A75000-memory.dmp

Filesize
8KB

Download
memory/4576-2-0x000002CE7BED0000-0x000002CE7C092000-memory.dmp

Filesize
1.8MB

Download
memory/4576-3-0x00007FFCF9A70000-0x00007FFCFA531000-memory.dmp

Filesize
10.8MB

Download
memory/4576-4-0x000002CE7C6D0000-0x000002CE7CBF8000-memory.dmp

Filesize
5.2MB

Download
memory/4576-5-0x00007FFCF9A70000-0x00007FFCFA531000-memory.dmp

Filesize
10.8MB

Download