discordrat | ffd4bd9e263311f8efe8eb9158c7cc7e59a84ce844e91655cd2232c84be594f4

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
18-07-2024 21:59

Target

exn0 checker V2.exe
Size

78KB
MD5

45c38e3349a37dd1e5b7356bf9c2485b
SHA1

11d2cf42586ab912e95291fb864eb4438eb33b85
SHA256

ffd4bd9e263311f8efe8eb9158c7cc7e59a84ce844e91655cd2232c84be594f4
SHA512

21dc056f90f13ecdb00d06d6b301ef51ad468cbcbf89f6147a6163c5e53d34cab57d70fdce0ff6af5a5836c3e8ea567f4ee757813924bf04dc044b31ef3f68a4
SSDEEP

1536:92WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+43PIYi:9Zv5PDwbjNrmAE+4/IYi

Score

10^/10

Family

discordrat

Attributes

discord_token
MTI1ODUxMDQ2NjE3MTQwODU0Ng.GmFXj3.Df8AN0DYd5vFnobuxLzbBh44NkKSu353OwSKTw
server_id
1262731677139210340

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2632 wrote to memory of 2796	2632	exn0 checker V2.exe	30
PID 2632 wrote to memory of 2796	2632	exn0 checker V2.exe	30
PID 2632 wrote to memory of 2796	2632	exn0 checker V2.exe	30

C:\Users\Admin\AppData\Local\Temp\exn0 checker V2.exe
"C:\Users\Admin\AppData\Local\Temp\exn0 checker V2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2632
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2632 -s 596
  2⤵
  PID:2796

memory/2632-0-0x000007FEF5BC3000-0x000007FEF5BC4000-memory.dmp

Filesize
4KB

Download
memory/2632-1-0x000000013F210000-0x000000013F228000-memory.dmp

Filesize
96KB

Download
memory/2632-2-0x000007FEF5BC0000-0x000007FEF65AC000-memory.dmp

Filesize
9.9MB

Download
memory/2632-3-0x000007FEF5BC3000-0x000007FEF5BC4000-memory.dmp

Filesize
4KB

Download
memory/2632-4-0x000007FEF5BC0000-0x000007FEF65AC000-memory.dmp

Filesize
9.9MB

Download