discordrat | 574c5d147be871088a39dcf2dc54bf123f74da56ed2a44613e8e643e2d247ac0

Analysis

max time kernel
94s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
12-07-2024 15:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

InstallerV5.exe
Size

78KB
MD5

b61d469cf77f2dd30e1ef31acba14fc3
SHA1

e1931cb1d20128df56ddfff69f84c5c1ed2975a7
SHA256

574c5d147be871088a39dcf2dc54bf123f74da56ed2a44613e8e643e2d247ac0
SHA512

bfee99acb08c57615d6bae9eee7bc331eecc82fee81fa09469fe7e891779cfda34860aacba77baa8c15482141169d366713ed4d6108990d4f553ac0734e256b1
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+K8PIC:5Zv5PDwbjNrmAE+KwIC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI1Nzc5NzM0ODg0Mzg0Nzc1MQ.Gt4uVY.fwQ0zxAA0tWa6W71KN3mXkRSbFGrwOcaXRwFhU
server_id
1257772717743276134

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

4 discord.com
6 discord.com
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

InstallerV5.exe

description pid process

Token: SeDebugPrivilege 3912 InstallerV5.exe

flow	ioc
4	discord.com
6	discord.com

description	pid	process
Token: SeDebugPrivilege	3912	InstallerV5.exe

C:\Users\Admin\AppData\Local\Temp\InstallerV5.exe
"C:\Users\Admin\AppData\Local\Temp\InstallerV5.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3912-1-0x000002655CE20000-0x000002655CE38000-memory.dmp

Filesize
96KB

Download
memory/3912-0-0x00007FFF22B93000-0x00007FFF22B95000-memory.dmp

Filesize
8KB

Download
memory/3912-2-0x0000026577500000-0x00000265776C2000-memory.dmp

Filesize
1.8MB

Download
memory/3912-3-0x00007FFF22B90000-0x00007FFF23651000-memory.dmp

Filesize
10.8MB

Download
memory/3912-4-0x0000026577E40000-0x0000026578368000-memory.dmp

Filesize
5.2MB

Download
memory/3912-5-0x00007FFF22B90000-0x00007FFF23651000-memory.dmp

Filesize
10.8MB

Download