Overview

overview

10

Static

static

10

rostrap.exe

windows10-2004-x64

rostrap.exe

windows11-21h2-x64

Resubmissions

13-07-2024 19:37

240713-ybwfxavapr 10

13-07-2024 19:36

240713-ybjr4svapk 10

13-07-2024 19:36

240713-ya74bavamp 10

13-07-2024 19:34

240713-yabp4svakk 10

13-07-2024 19:29

240713-x7eycswerg 10

Analysis

  • max time kernel
    39s
  • max time network
    51s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240709-en
  • resource tags

    arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    13-07-2024 19:29

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    rostrap.exe

  • Size

    78KB

  • MD5

    c806f00fa32f343f9849c77003bb4cc1

  • SHA1

    4a80c5b110f93d9dbcc85885bbf231de5ac8ace6

  • SHA256

    9ddd3757585f55bea693a536e7ec6c4de0fd46f7df565f9cf6d10e339af2e845

  • SHA512

    bac500e08913263bcabab7622eb7d00443d3d426cee9000edcd7b6089cf6e42be2a6b8f93fa60ef703b5400016febf8fb4c922ff17f2c80024a39450440deeb4

  • SSDEEP

    1536:Q0QhcOUX0RU1uB3Yec0OIwbJNrfxCXhRoKV6+V+ttD:Qojj03wbJNrmAE+DD

Score
10/10
discordratpersistenceratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTI2MTcwMjM0NDQ4ODUyMTgwOQ.GyJxES.iPPznz14IbFotKTZ3KViTwuS9T3PzEb13fnomo

  • server_id

    1261715255004762132

Signatures

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\rostrap.exe
    "C:\Users\Admin\AppData\Local\Temp\rostrap.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2880

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2880-0-0x00000144267C0000-0x00000144267D8000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2880-1-0x00007FFF6FE53000-0x00007FFF6FE55000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2880-2-0x0000014440DE0000-0x0000014440FA2000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2880-3-0x00007FFF6FE50000-0x00007FFF70912000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/2880-4-0x0000014442060000-0x0000014442588000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/2880-5-0x00007FFF6FE50000-0x00007FFF70912000-memory.dmp

    Filesize

    10.8MB

    Download