Analysis
-
max time kernel
94s -
max time network
130s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system -
submitted
12-07-2024 15:32
Behavioral task
behavioral1
Sample
InstallerV5.exe
Resource
win7-20240708-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
InstallerV5.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
3 signatures
150 seconds
General
-
Target
InstallerV5.exe
-
Size
78KB
-
MD5
b61d469cf77f2dd30e1ef31acba14fc3
-
SHA1
e1931cb1d20128df56ddfff69f84c5c1ed2975a7
-
SHA256
574c5d147be871088a39dcf2dc54bf123f74da56ed2a44613e8e643e2d247ac0
-
SHA512
bfee99acb08c57615d6bae9eee7bc331eecc82fee81fa09469fe7e891779cfda34860aacba77baa8c15482141169d366713ed4d6108990d4f553ac0734e256b1
-
SSDEEP
1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+K8PIC:5Zv5PDwbjNrmAE+KwIC
Score
10/10
Malware Config
Extracted
Family
discordrat
Attributes
-
discord_token
MTI1Nzc5NzM0ODg0Mzg0Nzc1MQ.Gt4uVY.fwQ0zxAA0tWa6W71KN3mXkRSbFGrwOcaXRwFhU
-
server_id
1257772717743276134
Signatures
-
Discord RAT
A RAT written in C# using Discord as a C2.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
InstallerV5.exedescription pid process Token: SeDebugPrivilege 3912 InstallerV5.exe
Processes
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/3912-1-0x000002655CE20000-0x000002655CE38000-memory.dmpFilesize
96KB
-
memory/3912-0-0x00007FFF22B93000-0x00007FFF22B95000-memory.dmpFilesize
8KB
-
memory/3912-2-0x0000026577500000-0x00000265776C2000-memory.dmpFilesize
1.8MB
-
memory/3912-3-0x00007FFF22B90000-0x00007FFF23651000-memory.dmpFilesize
10.8MB
-
memory/3912-4-0x0000026577E40000-0x0000026578368000-memory.dmpFilesize
5.2MB
-
memory/3912-5-0x00007FFF22B90000-0x00007FFF23651000-memory.dmpFilesize
10.8MB