Overview

overview

10

Static

static

10

Generator Nitro.exe

windows11-21h2-x64

10

Analysis

  • max time kernel
    3s
  • max time network
    10s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240709-en
  • resource tags

    arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    26-07-2024 23:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Generator Nitro.exe

  • Size

    78KB

  • MD5

    0868b68eb6a7390020bae33a28ad8d29

  • SHA1

    e6f95785a85448186f83923218c4f4d6cc60da78

  • SHA256

    fdc4c8c77f9c6ca6e0c56c493c07cac44bcc043d56f1d4ea8721bea721098f03

  • SHA512

    b028b95d61676e688c82c428b5a2eb92b47bd844219de471f65dff889cb15c1ba29885dfb191761cc5c38de40f701e423152e670814bc597c8c4fb2b79aeacb2

  • SSDEEP

    1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+YPIC:5Zv5PDwbjNrmAE+8IC

Score
10/10
discordratpersistenceratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTI1OTU2ODkwMzk0NDkzMzQxNw.GeDj1-.7tSpkM3RTBrAfXI-XtK7RcKhDqgoqAUCiVqYos

  • server_id

    1246512109504958494

Signatures

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Generator Nitro.exe
    "C:\Users\Admin\AppData\Local\Temp\Generator Nitro.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4428

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4428-0-0x00007FFB4BC53000-0x00007FFB4BC55000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4428-1-0x0000020224DF0000-0x0000020224E08000-memory.dmp

    Filesize

    96KB

    Download

  • memory/4428-2-0x000002023F400000-0x000002023F5C2000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/4428-3-0x00007FFB4BC50000-0x00007FFB4C712000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4428-4-0x00000202406D0000-0x0000020240BF8000-memory.dmp

    Filesize

    5.2MB

    Download