Analysis
-
max time kernel
93s
-
max time network
97s
-
platform
windows10-2004_x64
-
resource
win10v2004-20240508-en
-
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
-
submitted
04-07-2024 05:31
Behavioral task
behavioral1
Sample
test3/Release/Discord rat.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
test3/Release/Discord rat.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
test3/builder.exe
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
test3/builder.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
test3/dnlib.dll
Resource
win7-20240611-en
Behavioral task
behavioral6
Sample
test3/dnlib.dll
Resource
win10v2004-20240508-en
General
-
Target
test3/Release/Discord rat.exe
-
Size
78KB
-
MD5
b26aba78d2501b23ed1a11b8c03bafdd
-
SHA1
116c76b9cf3cd5b3627ff001d8a648f9c517f0eb
-
SHA256
30e7b349618473efb9dff3dcb0f5f2663d492744582d2d58a92f68b6f52bdaa7
-
SHA512
31d9d189e126de48d7465acd44430c6fd320bbcda6d004937ef7fbfd33de5b0b012a2af024fd1d2a7628d99e139b333a4726d4cb566f688c5c721d96901da249
-
SSDEEP
1536:Rw7DiDxvncD/3dV83E3iP4k/D0NLF8CAtYB1n4NBm/b/JbETFWRl3J4ynA/qbGP6:RSDiDxvncD/3dV83E3iP4k/D0NLF8CAW
Malware Config
Signatures
-
Discord RAT
A RAT written in C# using Discord as a C2.
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
Discord rat.exe
description | pid | process
Token: SeDebugPrivilege | 4592 | Discord rat.exe
Downloads
-
memory/4592-0-0x00000234F1420000-0x00000234F1438000-memory.dmp
Filesize
96KB
-
memory/4592-1-0x00007FFBBC143000-0x00007FFBBC145000-memory.dmp
Filesize
8KB
-
memory/4592-2-0x00000234F3B90000-0x00000234F3D52000-memory.dmp
Filesize
1.8MB
-
memory/4592-3-0x00007FFBBC140000-0x00007FFBBCC01000-memory.dmp
Filesize
10.8MB
-
memory/4592-4-0x00000234F4390000-0x00000234F48B8000-memory.dmp
Filesize
5.2MB
-
memory/4592-5-0x00007FFBBC140000-0x00007FFBBCC01000-memory.dmp
Filesize
10.8MB