discordrat | 5d8110de63f560bdd67713daa20c042c8ba6f8329ee26d6a978236fa006a5ead | Triage

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
02-08-2024 18:40

Sharing

Report Analysis Logs

General

Target

ELYTRAX.exe
Size

179KB
MD5

62e3d67e7b6cfdaaa276eea02dda7544
SHA1

465579808a772a688b622cdf8b6a422c966efdba
SHA256

5d8110de63f560bdd67713daa20c042c8ba6f8329ee26d6a978236fa006a5ead
SHA512

82d6347ca52a710129135e809e0b8fe7af12b96b432aa9a10cc60d7d97c3762983ed785e176530d9b8509738f91d4154c7601aa1d434bce1f10a48b1931e670f
SSDEEP

1536:N2WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+/PIiY2e:NZv5PDwbjNrmAE+HIUe

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTEyNTQwNjQxODMzODU5MDgzMQ.GiXLLo.Pe1ZGlNkvh4e8epr7_VswRKSCPFOQ_rFeCQOAU
server_id
1197245471400415352

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

ELYTRAX.exe

description	pid	process	target process
PID 2244 wrote to memory of 2800	2244	ELYTRAX.exe	WerFault.exe
PID 2244 wrote to memory of 2800	2244	ELYTRAX.exe	WerFault.exe
PID 2244 wrote to memory of 2800	2244	ELYTRAX.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\ELYTRAX.exe
"C:\Users\Admin\AppData\Local\Temp\ELYTRAX.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2244
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2244 -s 600
  2⤵
  PID:2800

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2244-0-0x000007FEF59E3000-0x000007FEF59E4000-memory.dmp

Filesize
4KB

Download
memory/2244-1-0x000000013FA70000-0x000000013FAA0000-memory.dmp

Filesize
192KB

Download
memory/2244-2-0x000007FEF59E0000-0x000007FEF63CC000-memory.dmp

Filesize
9.9MB

Download
memory/2244-3-0x000007FEF59E3000-0x000007FEF59E4000-memory.dmp

Filesize
4KB

Download