discordrat | 19cfac8181f164ad29bd35d33c6389fa75fa7eea2066ce43b1e054e687b2fb34

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
04-07-2024 05:34

Target

test3/Release/Discord rat.exe
Size

78KB
MD5

b26aba78d2501b23ed1a11b8c03bafdd
SHA1

116c76b9cf3cd5b3627ff001d8a648f9c517f0eb
SHA256

30e7b349618473efb9dff3dcb0f5f2663d492744582d2d58a92f68b6f52bdaa7
SHA512

31d9d189e126de48d7465acd44430c6fd320bbcda6d004937ef7fbfd33de5b0b012a2af024fd1d2a7628d99e139b333a4726d4cb566f688c5c721d96901da249
SSDEEP

1536:Rw7DiDxvncD/3dV83E3iP4k/D0NLF8CAtYB1n4NBm/b/JbETFWRl3J4ynA/qbGP6:RSDiDxvncD/3dV83E3iP4k/D0NLF8CAW

Score

10^/10

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

Discord rat.exe

description pid process

Token: SeDebugPrivilege 2432 Discord rat.exe

description	pid	process
Token: SeDebugPrivilege	2432	Discord rat.exe

C:\Users\Admin\AppData\Local\Temp\test3\Release\Discord rat.exe
"C:\Users\Admin\AppData\Local\Temp\test3\Release\Discord rat.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2432

memory/2432-1-0x000002E8C9410000-0x000002E8C9428000-memory.dmp

Filesize
96KB

Download
memory/2432-0-0x00007FFF39173000-0x00007FFF39175000-memory.dmp

Filesize
8KB

Download
memory/2432-2-0x000002E8E3A40000-0x000002E8E3C02000-memory.dmp

Filesize
1.8MB

Download
memory/2432-3-0x00007FFF39170000-0x00007FFF39C31000-memory.dmp

Filesize
10.8MB

Download
memory/2432-4-0x000002E8E4240000-0x000002E8E4768000-memory.dmp

Filesize
5.2MB

Download
memory/2432-5-0x00007FFF39170000-0x00007FFF39C31000-memory.dmp

Filesize
10.8MB

Download