discordrat | 126d3abd2382378833b22df594d176fbf08223e9dc3679364bc46ac835296323

Analysis

max time kernel
95s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
01-08-2024 09:20

Target

sigma.exe
Size

78KB
MD5

1b29c01dc26295000d69aa5237e9ea95
SHA1

34d81d53e28031c4d5f0a5d1e1d85390fc6b339e
SHA256

126d3abd2382378833b22df594d176fbf08223e9dc3679364bc46ac835296323
SHA512

273013ff15cab03072afb33946688785f28d261e19ce5fde890035e0b8900e53b9642d7fe2cf9c3799dbfb73ac1d4a3508c5b3f8752a5bc877212ad181254fad
SSDEEP

1536:/2WjO8XeEXFi5P7v88wbjNrfxCXhRoKV6+V+NPIC:/Zs5PDwbjNrmAE+dIC

Score

10^/10

Family

discordrat

Attributes

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1392	sigma.exe

C:\Users\Admin\AppData\Local\Temp\sigma.exe
"C:\Users\Admin\AppData\Local\Temp\sigma.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1392

memory/1392-0-0x00000229858C0000-0x00000229858D8000-memory.dmp

Filesize
96KB

Download
memory/1392-1-0x00007FFC58D53000-0x00007FFC58D55000-memory.dmp

Filesize
8KB

Download
memory/1392-2-0x000002299FEF0000-0x00000229A00B2000-memory.dmp

Filesize
1.8MB

Download
memory/1392-3-0x00007FFC58D50000-0x00007FFC59811000-memory.dmp

Filesize
10.8MB

Download
memory/1392-4-0x00000229A0730000-0x00000229A0C58000-memory.dmp

Filesize
5.2MB

Download
memory/1392-5-0x00007FFC58D50000-0x00007FFC59811000-memory.dmp

Filesize
10.8MB

Download