discordrat | 2bd631c6665656673a923c13359b0dc211debc05b2885127e26b0dce808e2dec

Analysis

max time kernel
1626s
max time network
1637s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
04-07-2024 22:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Discord rat.exe
Size

79KB
MD5

d13905e018eb965ded2e28ba0ab257b5
SHA1

6d7fe69566fddc69b33d698591c9a2c70d834858
SHA256

2bd631c6665656673a923c13359b0dc211debc05b2885127e26b0dce808e2dec
SHA512

b95bfdebef33ac72b6c21cdf0abb4961222b7efd17267cd7236e731dd0b6105ece28e784a95455f1ffc8a6dd1d580a467b07b3bd8cb2fb19e2111f1a864c97cb
SSDEEP

1536:YCH0jBD2BKkwbPNrfxCXhRoKV6+V+y9viwp:VUjBD2BPwbPNrmAE+MqU

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

Discord rat.exe

description pid process

Token: SeDebugPrivilege 1676 Discord rat.exe

description	pid	process
Token: SeDebugPrivilege	1676	Discord rat.exe

C:\Users\Admin\AppData\Local\Temp\Discord rat.exe
"C:\Users\Admin\AppData\Local\Temp\Discord rat.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1676

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Desktop\BackupConnect.odp
Filesize
307KB

MD5
93a1312f29067ce38a77d5cf90a723cf

SHA1
d60560f214d963b977e042794a56c6cd4a2e7784

SHA256
36860c4ca861dfee86db2d51ac662b9f9965eedc796bd41835c3bd36ad410368

SHA512
58966fb83b46f78a3049772a4e6eda4cdc06e182776f19f3d72f4ff34e2237743153a571099ef457c11f17a68907dea4bd7b6c13d5a1435a46cf6b8acd430e3d

Download Submit
C:\Users\Admin\Desktop\ClearRestore.au
Filesize
486KB

MD5
a468bb746a7e3aa182b4a81a210c2bee

SHA1
d64f996f7fd04c35599b5e3934722033b1a83788

SHA256
e1e1e8eb6eacbfb1838dc768ebf6ebb58b1a43930882bf2e48c193fa9c437198

SHA512
40cace7073eb5739f0886591c4d556300dc4a568b58b94c286ae73038dd8c99928c4594f0af8e0b59a515386022a8262d109ab54b7ecd97d2e3dd067cb73d573

Download Submit
C:\Users\Admin\Desktop\CompressInstall.wma
Filesize
665KB

MD5
f12e6c0df3031bfd18ea3ad23a50bb88

SHA1
5cc42c986ef608f02563acf9fc577afee077a642

SHA256
b5d54cf0e4fb542bf6280f3cb6aacb5bdb088e9e01b286c962e162c11b128a7e

SHA512
84ab6f468a44030f6334ad98a91505fab4e1ba51d1983bbe28415036b490f1b52d7ac937ed95ee8afbbe79db45edb2515748948daf5e7c3b04e7557a201a8d5f

Download Submit
C:\Users\Admin\Desktop\ConfirmRevoke.aif
Filesize
511KB

MD5
2af562f232f5ce5f5ae91fa6cbd99aba

SHA1
c01d428547e8810f0fccda057acff067641513d0

SHA256
60201fc42bff7514a7120ca92fa552492a82684869285f1aa471b5076d08ab87

SHA512
7d2b17c0c2adcd08b4d70580fc03222ba2b69bc13dae8404ba73f19dddd710d9385015e4f0c4474d09c311a0f6b544f568bad9cf3c9ce1294c9b37a9eb791520

Download Submit
C:\Users\Admin\Desktop\ConnectDisconnect.asf
Filesize
563KB

MD5
d0b8b2da3063a2fc52b1bfb25620c8a2

SHA1
b48f480f18c00ee14db5c9128d1530e47f0123ff

SHA256
59d30b10f2a5fd981d67a4f7b7761a666285e5aa816807ced7cb924484cfdabc

SHA512
1a0e205b5d64f0e4ba81d9ce6395a657deff0f007545b8734382096b31f8d1356b10f54d11a1360e414f5ffec5ab0aca9cfdf5f635b780c753602128caa245b7

Download Submit
C:\Users\Admin\Desktop\DebugConvertTo.asp
Filesize
358KB

MD5
9572bb48157e11efd73d7cb802e1b7ff

SHA1
8bec15e29d79a434c7c58d92f48d8485ec24de67

SHA256
cc47567e4f5ad075c99f9dc4425fd7eec44eb209f9e473f30d6a914a80cd304b

SHA512
d8fa7ec9bb5dfcf4d9907cc06d3aab79eb20f24dcef6d71067faa0664c825e3d53682c2aa675d45e55e7b947298861b7e2af16acc226bd33a677290d95abf172

Download Submit
C:\Users\Admin\Desktop\EnterExit.lock
Filesize
691KB

MD5
176ae5fd077f03e8ebcdc47bb48cf3a4

SHA1
a2e25f0bb1e73a3e4dd68b2fdfa4f4a018cd78ce

SHA256
6656d2f71a89b289211ae6e5dd1261992340d651cc076e3b6b2f2ba5441386d1

SHA512
159dbbcbe88a37b08366f7c27aaf40a27da3ed2c9bd9359f395d3253b2c26d3a6f6c0ef2af592ec333ddb7c03152da392ca48b14d451edfab8ff6a361d000fe0

Download Submit
C:\Users\Admin\Desktop\ExitShow.contact
Filesize
281KB

MD5
1e027c3c3ed7a90048fb820595b6bbdb

SHA1
beb05ef003d0406ff66a6ec3c4b9c7f65c0997d7

SHA256
89d78317947aaea356cc95f96400a82b7f82db7e0a1dc48e52e075bca8dd7aaf

SHA512
f363e378b9be771afe050c124bd0a18df593466ed4c720fd299e6afa337afa958166d0806444ba4228a7f1cf520ce0d19cfbee49f42e994ec5f4e8ab318be7c6

Download Submit
C:\Users\Admin\Desktop\GrantRepair.temp
Filesize
998KB

MD5
3b15cf35e6d0dc8365d71e1e8625ec13

SHA1
bcf10e83a4be43ea094438488cbcb587982b6fa6

SHA256
7974ccf7de38980b63082e311a8ee51224f652d037f7a72e676eb518766ce528

SHA512
1732fd901fab7bfaeb66707a637331f5b771fae4c0a20671b1a5c86ae96c25cc601920f525006be86e31d5d8701145b9a161afd16f148e983102921053969d51

Download Submit
C:\Users\Admin\Desktop\HideExit.mp4
Filesize
460KB

MD5
d27f3ce82cfe2c645cb7b66cc3a028f4

SHA1
a6b4ce45aa599082e88351d7956d0c48cf4d57dd

SHA256
1a79e7897ff8ed4ed818513678b3651021f158344ebb0616fbc027477fc7ccd8

SHA512
af2e7ea4d97a362315832a5ee06b70cb09a13ddaef10f645b26a9ee19412108a15d62df32d88b9354b2d779573222adcbfe20c419de3d7ca78f32885ddbb7485

Download Submit
C:\Users\Admin\Desktop\HideSelect.potx
Filesize
588KB

MD5
0f1c0548bfd754363f25d8ca74cbf464

SHA1
942d330c3baa85eba34e1f5132f866cbaf1d4af0

SHA256
b19a60fc3707ed711db0f410e0ce8f018fae6ffc00c0dc7a9486ae22a9945278

SHA512
deb06e0fef678b720db89560820ed82f44b0dc2efccd3bf15be51c1c758f240373a1683a8ab0ac54f0ad2925ede900158053eaf13308622e6a100dbdb787d994

Download Submit
C:\Users\Admin\Desktop\InvokeRequest.jpeg
Filesize
614KB

MD5
c594c9b299ad738e8846e131aae81660

SHA1
d62d94527eb6926cc42b9ca6438ca950b659ba05

SHA256
6c3e9a9b219f076cd30daf5ee3a002acf49b3c91f09ff087e62b0c3587155f8f

SHA512
8f7c61cc2b55bb345040964abdb9645f692fb2831cf5da279dc4134710fa16734fe5816b2bc9cbaa60b1136863ab8b1638530ce27daf491c43910033b07c45e6

Download Submit
C:\Users\Admin\Desktop\MergeResize.search-ms
Filesize
409KB

MD5
be0e98eccf3e8c0ee749c3e26b20a182

SHA1
7773dc397df7f432935c4fb07ab7844462d18014

SHA256
9034813d007d0deb6d1788e9aa1acdd38e79a3e16a7b75f6c7ab3fe4346926b7

SHA512
56b5f0218ecd865d38f718f2079923f48e072057f163332e397dbe1dc1c113d973bd756f980cdd7539916df38f7934df4b34bca84af4d7ce783974863ab9d63f

Download Submit
C:\Users\Admin\Desktop\Microsoft Edge.lnk
Filesize
2KB

MD5
058647b29f171d56fa83bb80b5f9523b

SHA1
4dc44bcbbd80949d66e100299fcd6ddc26bc3e91

SHA256
9296c383d7367dcaf7332f130fe5ffc2aec21951f6cb5380e910235f71d2762c

SHA512
00653926f79643ac1ba285da3aae7653d3e7a704bc776af00c43f2343f50766e6dd559605ec330ba44a548b6d82e335700b16a4ba400e39430b4af3c11efdc0f

Download Submit
C:\Users\Admin\Desktop\MoveHide.rtf
Filesize
435KB

MD5
7fa9f1bd6f1552243802a1a75901e86e

SHA1
d57b7458d6b2e1881ad0d1b3c0137bd26fdfc830

SHA256
c3de0f8682b1a67766b72b672bdca08a3bd3c711e8f1803d317e2d5d819c67df

SHA512
3cfcd8924e27cb05e7a2486b1948a1f2d53e4053c9c5d4e9e5e635d0875f19faac90eb1864dc01ec79b9c6776bfbdf5436dce1be625e23b56016acb8851da04d

Download Submit
C:\Users\Admin\Desktop\PingSend.xlsx
Filesize
10KB

MD5
aea148a11de2833af57e74128e36fab6

SHA1
283f5a7425f45edc95841d08d0b8a37e921f3faf

SHA256
ecb737b2d43c2b4a8e95591473abfae7730e0a637c7e16cd62ea135dc5b2dff6

SHA512
607bf40317fd2e9b80872d1ffcc2945f9bdd5faaa0b2b161dbc14b11db4a462c6eaaffd5585fca98b2b01f4f764adea6943f6cc20cc925fa1449c539e48e8c4f

Download Submit
C:\Users\Admin\Desktop\ResizeFormat.xht
Filesize
716KB

MD5
623f8e41cc51ca5e48f48ff105d0e3bf

SHA1
f475795a1c89f821e20012f88616b649aaf9bf5a

SHA256
c9bbc219806b3065d822c0c2b9034d402cf984841f29b9ccbc24532d703a3cea

SHA512
72edb342530c7d1ba865debb64d8c5d914e54dce56b9ac75e562d0f97fd87be79779b8939846da4778f3a87368e7fb992cdfd987f22c3cd1896b9f98efcc2604

Download Submit
C:\Users\Admin\Desktop\RevokeEnable.xltm
Filesize
537KB

MD5
2b40dbbf9c624458146abde8f756831f

SHA1
05699d971b504734eac0bf7795e96d506c2ddb1c

SHA256
e933e50d56ed2e8aa20a7746d22b146d7d02d79ad1db9ac32181bb9cadeeb109

SHA512
afd43b8a3d85bf8e80bc20c7d705bb2a86fbbb0b7afcbdc2b9080d5056f12d663809bd6f7459f47dc1d7f44311797d0940829aae3bdb2515f7e7077fcb41244f

Download Submit
C:\Users\Admin\Desktop\RevokeSplit.xml
Filesize
332KB

MD5
6c77f29e7e9625a87f1adb8440e9626b

SHA1
cca21b785ed5f20b9e86c3f8b2b729015edce6f9

SHA256
e1e8ee85e189cc52eef9974b175c1d959fdb9cf69e7e0b7463a49be8924e9a73

SHA512
d16be2f6784c871f7b79a5923d912787b733c422ea9130cd540d5ef9587d0b77a784f83e84234267bc244a02a2e6cc820c82d2c96ecfce1e172d49e84e532277

Download Submit
C:\Users\Admin\Desktop\StartResume.pub
Filesize
383KB

MD5
26ff2e1a9c27e139bebf1f518746acce

SHA1
55f4a5823f1bca5fa23909f3f0dc6e48d7843fc0

SHA256
5eb64f4c02de9dabf2cda678a7a71f5bb6ca5eb453a931a3d87043319b590e4d

SHA512
4b111e7616d4428602e246c418a05ddcf449d1a59e791bb25c911a9bc0fbfcd99e323b200cfcded9713cd93c741ad4893f92e713e4d91cfeb4de55dca6a19313

Download Submit
C:\Users\Admin\Desktop\StepReceive.xlsx
Filesize
12KB

MD5
bc60696d0e5fb10c96bc92fe89ed4969

SHA1
21b35841c4a13630e835838644fe067dc8a73e4c

SHA256
68d948eafb427a32be2dbe12917504e9d2f916ba43ec49c5f8a31a4e394d4471

SHA512
9b5eefe6d62eb11a7f2f4d0e5da3964b9734b2dcdc071dbfb721aabc99821ec12cf25c2dd16065f9e3059abc82ad820453f18f5ed0fadacdce2a52aa0b981473

Download Submit
C:\Users\Admin\Desktop\UnblockConfirm.pcx
Filesize
255KB

MD5
d064bc7c2bcb2231731b6a7478de657a

SHA1
750a4d22504a89a4744f5ba155432988c3ef6931

SHA256
628f7e474534424bfaf8afbfc0c7a5150a4de5fdd6a103cb2c7b7b15384a29d9

SHA512
5b42d43a9bbde1b176de6629ea575ceb4a55fe4170835e75567707f1bdf0183926bba989ff99c47bb41247da706ced5240387a706caa48fe9fae43f8503f0755

Download Submit
C:\Users\Admin\Desktop\UnpublishClose.wav
Filesize
639KB

MD5
374595baff180a39cacffe626180b881

SHA1
08fe188589ed708476c13761d469e6f33abf7649

SHA256
ba7eee84e41b78470e77781e8a28a51bdff7a7a518fff17cf57449f3777c278e

SHA512
416e547b825b4dcae7fe1dc809e055c65a27f06e5296daec49e9a29ab13df1d0686c6f0c0cbcc7d0e41fa07be65f37905aaa9f7bea37ccf98767dd7b348eb036

Download Submit
C:\Users\Public\Desktop\Acrobat Reader DC.lnk
Filesize
2KB

MD5
eb73c1bd5be91d027c01ebe5beeacd9d

SHA1
cd2c753b7137ddf3db81281c4f36986de37edc15

SHA256
31aa6e2fd0af88ea27f13a4617220ac3d6233b4f35d093ceff8954631b6bc44e

SHA512
b0fd00772b5ab9f316a3b9f6e224ee428c37a8563012cf963e4dc6aa5b80ff1177ec4709f0d3e6af07f7e0d94abb5890241eba809066a9dda7b3e9e7bf420932

Download Submit
C:\Users\Public\Desktop\Firefox.lnk
Filesize
1000B

MD5
aec81dc130718842ce6587dcd271767f

SHA1
a46aa0c1964d9e882bc92be548edc40c2b33be92

SHA256
639a2bc8bf268c0fb0645ff84a502aef2b40342a165e30cbeb1ba46733f1c15c

SHA512
179ef5e502ed25d1c326e755713d15b7f620a2bcd8b473ad094152859391f6ce74d0c6b26f51e2691ca487efe00187a672671bcffe9e96c2cfbae3e30babaec7

Download Submit
C:\Users\Public\Desktop\Google Chrome.lnk
Filesize
2KB

MD5
4dcb79db6624fb324b17ad47db96794e

SHA1
743003f9d64bab3b2f2707f670d53ec2e4b1a05b

SHA256
ff491dd9bbfa38176cb89da5b96d9557d297a5c634ec45ee99d2025cc0a32070

SHA512
df1ec849d2fb97d4fe6c74766f504baaa3b5a4b0bda76dd08dda200b278f1a066f1125a3b7ad20b787636b951424da4f815fcb21edb3c3ba500d11f71e2e6934

Download Submit
C:\Users\Public\Desktop\VLC media player.lnk
Filesize
923B

MD5
e161d1ed192ec6d2e50c31a05c1f2edf

SHA1
a0ce7dc7db3ba905960755985cb1d61a9aabd0c0

SHA256
d91f652ced4ad59738be372d54ecab041b3e57985c25c8a36b0bc78f2b84c725

SHA512
52291c69aa500b7024b70f47e10eafa2874a9379fbfa027f0d5462411ea6ec0f7117c3717e3c58ac930fb1d9d218e4cb911ad4fd1dc7cdad273adb0e0a715108

Download Submit
memory/1676-0-0x000002FADE4D0000-0x000002FADE4E8000-memory.dmp

Filesize
96KB

Download
memory/1676-4-0x00007FF848E30000-0x00007FF8498F1000-memory.dmp

Filesize
10.8MB

Download
memory/1676-3-0x00007FF848E30000-0x00007FF8498F1000-memory.dmp

Filesize
10.8MB

Download
memory/1676-2-0x000002FAF8C70000-0x000002FAF8E32000-memory.dmp

Filesize
1.8MB

Download
memory/1676-1-0x00007FF848E33000-0x00007FF848E35000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads