Analysis
-
max time kernel
118s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system -
submitted
05-07-2024 05:31
Behavioral task
behavioral1
Sample
PasteLoader.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
PasteLoader.exe
Resource
win10v2004-20240704-en
General
-
Target
PasteLoader.exe
-
Size
78KB
-
MD5
cd6bf9256b0458097209c5a619139ac5
-
SHA1
d3573dcce7406e16420ba901be06b519c6b6e88e
-
SHA256
111b13e86437a1715726c97a4cdca943c31d8eb7ce555d16e533ce6a730bd5c5
-
SHA512
01bf9c0df4cfd631200b68067c4becea373b2d74ce809fefd6549d24db7fde11cb6e83b8f0f3704b84554d16267eb7f2de92a8a3c5af912746211231da6b46e2
-
SSDEEP
1536:wIQOI8S4zTMHFEOEGZefHeKrIX8amErwbjNrB+uexCroKV6+fd6:wIq8S4nMLeGKrIX8amcwbjNrB+xSd6
Malware Config
Extracted
discordrat
-
discord_token
MTEzODk3NzE0NzIzMTQyNDUxMg.GLN9Vx.uY2JaATZMA6ZxDffSmpo3K467bAT1_uBeq8ZsI
-
server_id
1258562412324585592
Signatures
-
Discord RAT
A RAT written in C# using Discord as a C2.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
PasteLoader.exe
description                       pid   process          target process
PID 2580 wrote to memory of 1804  2580  PasteLoader.exe  WerFault.exe
PID 2580 wrote to memory of 1804  2580  PasteLoader.exe  WerFault.exe
PID 2580 wrote to memory of 1804  2580  PasteLoader.exe  WerFault.exe
Downloads
-
memory/2580-0-0x000007FEF50E3000-0x000007FEF50E4000-memory.dmp
Filesize
4KB
-
memory/2580-1-0x000000013F6D0000-0x000000013F6E8000-memory.dmp
Filesize
96KB
-
memory/2580-2-0x000007FEF50E0000-0x000007FEF5ACC000-memory.dmp
Filesize
9.9MB
-
memory/2580-3-0x000007FEF50E3000-0x000007FEF50E4000-memory.dmp
Filesize
4KB
-
memory/2580-4-0x000007FEF50E0000-0x000007FEF5ACC000-memory.dmp
Filesize
9.9MB