discordrat | b686a911bf3d93dc0a30bdc046d74fae1ee580ad4a6620d67d9b3af00b3e7a3d

Resubmissions

01-08-2024 07:49

01-08-2024 03:41

01-08-2024 01:51

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
01-08-2024 01:51

Target

Discord bot.exe
Size

90KB
MD5

24cde9873a5517844a29d0652889d284
SHA1

61e0edee68767fa2d2898bad5144e0059a417589
SHA256

b686a911bf3d93dc0a30bdc046d74fae1ee580ad4a6620d67d9b3af00b3e7a3d
SHA512

4c7f29150f37f8c943809264ead1ea5223919bceb62266413e8e2775ae5430e5fda8c40557abba12c920e1db822ea32c99116d7c9686d4444bbb6fe6fc86a1c1
SSDEEP

1536:THaXnTwWMeuPJdtAqBkblZNwpqejwSjZjZbANrC+uexCxoKV6+fhVp:msWMeuPy0kblbSqeUwZjZbANrC+bShH

Score

10^/10

Family

discordrat

Attributes

discord_token
MTE4OTY4ODc2MTI5OTI1OTQ4Mw.G_zwdB.BLohYxvGEmumEgQ_WxzeKQ5m1YzgRVAsGmoaOM
server_id
1189695709369344143

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2664 wrote to memory of 2784	2664	Discord bot.exe	30
PID 2664 wrote to memory of 2784	2664	Discord bot.exe	30
PID 2664 wrote to memory of 2784	2664	Discord bot.exe	30

C:\Users\Admin\AppData\Local\Temp\Discord bot.exe
"C:\Users\Admin\AppData\Local\Temp\Discord bot.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2664
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2664 -s 600
  2⤵
  PID:2784

memory/2664-0-0x000007FEF5993000-0x000007FEF5994000-memory.dmp

Filesize
4KB

Download
memory/2664-1-0x000000013FDD0000-0x000000013FDEA000-memory.dmp

Filesize
104KB

Download
memory/2664-2-0x000007FEF5990000-0x000007FEF637C000-memory.dmp

Filesize
9.9MB

Download
memory/2664-3-0x000007FEF5990000-0x000007FEF637C000-memory.dmp

Filesize
9.9MB

Download