discordrat | 19cfac8181f164ad29bd35d33c6389fa75fa7eea2066ce43b1e054e687b2fb34

Analysis

max time kernel
93s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
04-07-2024 05:31

Target

test3/Release/Discord rat.exe
Size

78KB
MD5

b26aba78d2501b23ed1a11b8c03bafdd
SHA1

116c76b9cf3cd5b3627ff001d8a648f9c517f0eb
SHA256

30e7b349618473efb9dff3dcb0f5f2663d492744582d2d58a92f68b6f52bdaa7
SHA512

31d9d189e126de48d7465acd44430c6fd320bbcda6d004937ef7fbfd33de5b0b012a2af024fd1d2a7628d99e139b333a4726d4cb566f688c5c721d96901da249
SSDEEP

1536:Rw7DiDxvncD/3dV83E3iP4k/D0NLF8CAtYB1n4NBm/b/JbETFWRl3J4ynA/qbGP6:RSDiDxvncD/3dV83E3iP4k/D0NLF8CAW

Score

10^/10

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

Discord rat.exe

description pid process

Token: SeDebugPrivilege 4592 Discord rat.exe

description	pid	process
Token: SeDebugPrivilege	4592	Discord rat.exe

C:\Users\Admin\AppData\Local\Temp\test3\Release\Discord rat.exe
"C:\Users\Admin\AppData\Local\Temp\test3\Release\Discord rat.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4592

memory/4592-0-0x00000234F1420000-0x00000234F1438000-memory.dmp

Filesize
96KB

Download
memory/4592-1-0x00007FFBBC143000-0x00007FFBBC145000-memory.dmp

Filesize
8KB

Download
memory/4592-2-0x00000234F3B90000-0x00000234F3D52000-memory.dmp

Filesize
1.8MB

Download
memory/4592-3-0x00007FFBBC140000-0x00007FFBBCC01000-memory.dmp

Filesize
10.8MB

Download
memory/4592-4-0x00000234F4390000-0x00000234F48B8000-memory.dmp

Filesize
5.2MB

Download
memory/4592-5-0x00007FFBBC140000-0x00007FFBBCC01000-memory.dmp

Filesize
10.8MB

Download