Analysis
-
max time kernel
1388s -
max time network
1787s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
-
submitted
03-07-2024 23:22
General
-
Target
DoomedWorld.exe
-
Size
78KB
-
MD5
8121de3645a1421d72afa83c8791951c
-
SHA1
9654de88957f4995899bfbf5ab2eedbbe95be12f
-
SHA256
98dd156638016b0abfb53a44dba4e8452b9b57bd0d9093c9995e88a9c6c7d750
-
SHA512
d75f84fb3330105af2feaa98a8352ad68a473bce22e848fea99a9b6cd0818199d786d3955e6960730074c05c1df23b5ca664dcc22bf8bf9553a1cb07a78a49df
-
SSDEEP
1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+gPIC:5Zv5PDwbjNrmAE+EIC
Score
10/10
Malware Config
Extracted
Family
discordrat
Attributes
-
discord_token
MTI1NzAyMzI2NzMzNjc0OTExMA.GRRCqL.-hOLG_NYwHg-QndfQvaNfpmA9h6WqvK4pkfIS8
-
server_id
1257024430513848503
Signatures
-
Discord RAT
A RAT written in C# using Discord as a C2.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\DoomedWorld.exe"C:\Users\Admin\AppData\Local\Temp\DoomedWorld.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/4664-0-0x000001A9700F0000-0x000001A970108000-memory.dmpFilesize
96KB
-
memory/4664-1-0x00007FF89B373000-0x00007FF89B375000-memory.dmpFilesize
8KB
-
memory/4664-2-0x000001A9727F0000-0x000001A9729B2000-memory.dmpFilesize
1.8MB
-
memory/4664-3-0x00007FF89B370000-0x00007FF89BE31000-memory.dmpFilesize
10.8MB
-
memory/4664-4-0x000001A972FF0000-0x000001A973518000-memory.dmpFilesize
5.2MB
-
memory/4664-5-0x00007FF89B373000-0x00007FF89B375000-memory.dmpFilesize
8KB
-
memory/4664-6-0x00007FF89B370000-0x00007FF89BE31000-memory.dmpFilesize
10.8MB