discordrat | 3459e35226cf145ac143580a6507888db3810e9c28da3b04e54808b5d1149253

Analysis

max time kernel
135s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
24-07-2024 03:27

Target

a9e093dbd1c972fd8e7bf96e65bb57f7.exe
Size

78KB
MD5

a9e093dbd1c972fd8e7bf96e65bb57f7
SHA1

39f199923cc2a30c28b71ec8eaebc9abe17fd761
SHA256

3459e35226cf145ac143580a6507888db3810e9c28da3b04e54808b5d1149253
SHA512

1f08ffc2a1492942841a32253cbe666b0427783bb19fad7c7eb57e3427bb6777ea8aa062beeb524f543ba17d8ef1b1992089850e4a368cff9143bbe3236987ed
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+/PIC:5Zv5PDwbjNrmAE+HIC

Score

10^/10

Family

discordrat

Attributes

discord_token
MTI2NTA1NTY5NzQzMTY5MTMyNQ.GedQFI.I4snNL2g6u0HkYShXIMfQrgS7oHmpa18Xp3utM
server_id
1241810215675101325

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4980	a9e093dbd1c972fd8e7bf96e65bb57f7.exe

C:\Users\Admin\AppData\Local\Temp\a9e093dbd1c972fd8e7bf96e65bb57f7.exe
"C:\Users\Admin\AppData\Local\Temp\a9e093dbd1c972fd8e7bf96e65bb57f7.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4980

memory/4980-0-0x00007FFB88413000-0x00007FFB88415000-memory.dmp

Filesize
8KB

Download
memory/4980-1-0x0000019A0F560000-0x0000019A0F578000-memory.dmp

Filesize
96KB

Download
memory/4980-2-0x0000019A29C80000-0x0000019A29E42000-memory.dmp

Filesize
1.8MB

Download
memory/4980-3-0x00007FFB88410000-0x00007FFB88ED1000-memory.dmp

Filesize
10.8MB

Download
memory/4980-4-0x0000019A2A480000-0x0000019A2A9A8000-memory.dmp

Filesize
5.2MB

Download
memory/4980-5-0x00007FFB88410000-0x00007FFB88ED1000-memory.dmp

Filesize
10.8MB

Download