discordrat | fa0743d2bf267d29fd3b464f5d0e6507da75641c54ea2dbc276f251e5c07bb46 | Triage

Analysis

max time kernel
1442s
max time network
1447s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
16-07-2024 08:29

Sharing

Report Analysis Logs

General

Target

File.exe
Size

78KB
MD5

864b191ee732665b9c57731338c78b98
SHA1

edc7f8aef91f7491bc9521fdd6c9d458ba2523c6
SHA256

fa0743d2bf267d29fd3b464f5d0e6507da75641c54ea2dbc276f251e5c07bb46
SHA512

fee5d3eb914bda421e7ba59f8aec3e2556c9cf6844f4dc3e8e1d273101527ce4881fa0cfcb215772e8a361bc508ae16ca75de29b2f6ea2fbdbd7f8a097b9ca04
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V++5PIC:5Zv5PDwbjNrmAE++JIC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTIzMDUyMTczMDAyODUzNTg5OA.GarEhx.v7GcXpEiTaLvKuJQDFH_JbsBKE1ygPQamxs1aM
server_id
1230521026648215613

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	832	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	832	AUDIODG.EXE
Token: 33	832	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	832	AUDIODG.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1732 wrote to memory of 2268	1732	File.exe	29
PID 1732 wrote to memory of 2268	1732	File.exe	29
PID 1732 wrote to memory of 2268	1732	File.exe	29

C:\Users\Admin\AppData\Local\Temp\File.exe
"C:\Users\Admin\AppData\Local\Temp\File.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1732
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1732 -s 596
  2⤵
  PID:2268

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2776

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x5c8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:832

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1732-0-0x000007FEF5723000-0x000007FEF5724000-memory.dmp

Filesize
4KB

Download
memory/1732-1-0x000000013F970000-0x000000013F988000-memory.dmp

Filesize
96KB

Download
memory/1732-2-0x000007FEF5720000-0x000007FEF610C000-memory.dmp

Filesize
9.9MB

Download
memory/1732-3-0x000007FEF5720000-0x000007FEF610C000-memory.dmp

Filesize
9.9MB

Download