Analysis
-
max time kernel
125s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20240704-en -
resource tags
arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system -
submitted
05-07-2024 16:40
Behavioral task
behavioral1
Sample
Client-built.exe
Resource
win7-20240704-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
Client-built.exe
Resource
win10v2004-20240704-en
windows10-2004-x64
3 signatures
150 seconds
General
-
Target
Client-built.exe
-
Size
78KB
-
MD5
9f0afb2a503c0a3c3e138384fa049265
-
SHA1
df97fd61eef13597044c36c7b3b7f16e81bfe1f2
-
SHA256
8c4f15ae33c75123ce9911b6787aaf3538949b79ef3eb6f3fd61243c0716cfd5
-
SHA512
a6e3ee37a85d153a2efe2d433e689f2b08f915eaf1733f15eb9538dd1bc020bd3171eb269bcc057ea365b6178f215bef751fed76e1e0b996164f5e5b3c9d4441
-
SSDEEP
1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+5PIC:5Zv5PDwbjNrmAE+JIC
Score
10/10
Malware Config
Extracted
Family
discordrat
Attributes
-
discord_token
MTI1NjIxMjY2MDMyMDYwMDEyNA.G7DQV9.NLy5ylC0k10-82FUBv6XeDCl21n_ORSWKo_Hy8
-
server_id
1256190460452405298
Signatures
-
Discord RAT
A RAT written in C# using Discord as a C2.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
flow ioc 4 discord.com 5 discord.com 16 discord.com -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 1780 Client-built.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\Client-built.exe"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1780
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4080,i,5019894817651309870,579021928995875068,262144 --variations-seed-version --mojo-platform-channel-handle=4108 /prefetch:81⤵PID:856