discordrat | c24b5bf3b0744b1a2937839bbd56abbe7b2a1699ab0e51318ac4ceba90c39a87

Analysis

max time kernel
24s
max time network
20s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
24-07-2024 21:55

Target

19003b1e6fb5948a8ef3bf15ac7eeab0N.exe
Size

78KB
MD5

19003b1e6fb5948a8ef3bf15ac7eeab0
SHA1

22bf6c0a49fc7426f34dd987caaa302bdf5a5d77
SHA256

c24b5bf3b0744b1a2937839bbd56abbe7b2a1699ab0e51318ac4ceba90c39a87
SHA512

8fa1c2d443429e742ab26de25672a77ac64a57acdee7a44b54bc9d888435c25f15839d88265fe40a29164a0d7d955cbb0c5e1fa708712784f11a01cf133f775a
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+2PIC:5Zv5PDwbjNrmAE+yIC

Score

10^/10

Family

discordrat

Attributes

discord_token
MTI2MzQzNzIyMjg5NjczNDIwOQ.GiTzHo.7uSuGSDWu7s_iC3m5fdUq9ZswuY99JyKKu1ZUg
server_id
1224684836627681300

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2060 wrote to memory of 2832	2060	19003b1e6fb5948a8ef3bf15ac7eeab0N.exe	30
PID 2060 wrote to memory of 2832	2060	19003b1e6fb5948a8ef3bf15ac7eeab0N.exe	30
PID 2060 wrote to memory of 2832	2060	19003b1e6fb5948a8ef3bf15ac7eeab0N.exe	30

C:\Users\Admin\AppData\Local\Temp\19003b1e6fb5948a8ef3bf15ac7eeab0N.exe
"C:\Users\Admin\AppData\Local\Temp\19003b1e6fb5948a8ef3bf15ac7eeab0N.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2060
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2060 -s 596
  2⤵
  PID:2832

memory/2060-0-0x000007FEF5AC3000-0x000007FEF5AC4000-memory.dmp

Filesize
4KB

Download
memory/2060-1-0x000000013F1E0000-0x000000013F1F8000-memory.dmp

Filesize
96KB

Download
memory/2060-2-0x000007FEF5AC0000-0x000007FEF64AC000-memory.dmp

Filesize
9.9MB

Download
memory/2060-3-0x000007FEF5AC3000-0x000007FEF5AC4000-memory.dmp

Filesize
4KB

Download
memory/2060-4-0x000007FEF5AC0000-0x000007FEF64AC000-memory.dmp

Filesize
9.9MB

Download