discordrat | c294635103f902bcc9efe1b4ae4ef86b226a657b627fca38e0db840f882dd0a5

Analysis

max time kernel
31s
max time network
20s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
09-07-2024 01:56

Target

ab4714df1877b59e511db33d45e27748.exe
Size

78KB
MD5

ab4714df1877b59e511db33d45e27748
SHA1

9361f003225e8d9e6318d21a0ea4c3e8abd28098
SHA256

c294635103f902bcc9efe1b4ae4ef86b226a657b627fca38e0db840f882dd0a5
SHA512

ed18a6e4fa0d430068c7010f82cd315db61a59a1124b73485d605a7ba06a28272a9e75c00455cddfa134fe0877fd913bf708e58514ca96be92235cb8bad8ea04
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+9PIC:5Zv5PDwbjNrmAE+tIC

Score

10^/10

Family

discordrat

Attributes

discord_token
MTI1NzYzNjQ1NDI5MzcwNDcwNA.GriHoe.5AoWc0NGUyx_i3CgIfNmTychDUDT5RP-vDj-7Q
server_id
1214291005298315345

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1420 wrote to memory of 2488	1420	ab4714df1877b59e511db33d45e27748.exe	29
PID 1420 wrote to memory of 2488	1420	ab4714df1877b59e511db33d45e27748.exe	29
PID 1420 wrote to memory of 2488	1420	ab4714df1877b59e511db33d45e27748.exe	29

C:\Users\Admin\AppData\Local\Temp\ab4714df1877b59e511db33d45e27748.exe
"C:\Users\Admin\AppData\Local\Temp\ab4714df1877b59e511db33d45e27748.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1420
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1420 -s 600
  2⤵
  PID:2488

memory/1420-0-0x000007FEF6003000-0x000007FEF6004000-memory.dmp

Filesize
4KB

Download
memory/1420-1-0x000000013F980000-0x000000013F998000-memory.dmp

Filesize
96KB

Download
memory/1420-2-0x000007FEF6000000-0x000007FEF69EC000-memory.dmp

Filesize
9.9MB

Download
memory/1420-3-0x000007FEF6003000-0x000007FEF6004000-memory.dmp

Filesize
4KB

Download
memory/1420-4-0x000007FEF6000000-0x000007FEF69EC000-memory.dmp

Filesize
9.9MB

Download