discordrat | 780815f7b1197e89dd796f625782af49026bc7691fd686eb25f3f9ab2002579a

Analysis

max time kernel
16s
max time network
18s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
02-07-2024 09:51

Target

Vanta.exe
Size

78KB
MD5

da5a7eb9e117cafa2d9137d1723a33dd
SHA1

e35b1f51e72ef5d2f8290ac7d0ec87cc15235899
SHA256

780815f7b1197e89dd796f625782af49026bc7691fd686eb25f3f9ab2002579a
SHA512

4686f8d49b4ca27c1ca4bccdfaad7c8369e475cdc1b59a9ac5af10dc5382d449c60daa993d9311dd2e70a3ee535449705665699691a3bd8bafd37ebd075fd7af
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+cPIC:5Zv5PDwbjNrmAE+QIC

Score

10^/10

Family

discordrat

Attributes

discord_token
MTE5NzkyMTQ2MDE3NDQ2NzE1Mg.G10JF-.bNlt2_PKNFUbG2pRSlM23bcrdFtXhvMU_yl7hY
server_id
1052631250457866370

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

Vanta.exe

description pid process

Token: SeDebugPrivilege 4988 Vanta.exe

description	pid	process
Token: SeDebugPrivilege	4988	Vanta.exe

C:\Users\Admin\AppData\Local\Temp\Vanta.exe
"C:\Users\Admin\AppData\Local\Temp\Vanta.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4988

memory/4988-0-0x00007FF98AAA3000-0x00007FF98AAA4000-memory.dmp

Filesize
4KB

Download
memory/4988-1-0x00000203978E0000-0x00000203978F8000-memory.dmp

Filesize
96KB

Download
memory/4988-2-0x00000203B1E70000-0x00000203B2032000-memory.dmp

Filesize
1.8MB

Download
memory/4988-3-0x00007FF98AAA0000-0x00007FF98B48C000-memory.dmp

Filesize
9.9MB

Download
memory/4988-4-0x00000203B2770000-0x00000203B2C96000-memory.dmp

Filesize
5.1MB

Download