Overview

overview

10

Static

static

10

backdoor.exe

windows7-x64

10

backdoor.exe

windows10-2004-x64

10

Resubmissions

03-08-2024 10:08

240803-l6q4fsveqe 10

03-08-2024 09:51

240803-lvtefazcrm 10

Analysis

  • max time kernel
    21s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    03-08-2024 09:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    backdoor.exe

  • Size

    78KB

  • MD5

    c0459f1b10e851cfddc7ddc21a0b3d1f

  • SHA1

    d76fc32d3797c453f5bec0d9c76534ddcd7db724

  • SHA256

    2dfa94516c05d3c6935602e96e7e93f29f43c1f3ea57d16da051d22a56e1d9cf

  • SHA512

    3094d6902b479581bbc28d5f26910a67ad9aa0671657ba3581532ca50c67ab6c8dd29121bb0e7cc23827dfc92166aea28ce52e52b91a4ab8e9b073bdbdf16c38

  • SSDEEP

    1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+7PIC:5Zv5PDwbjNrmAE+zIC

Score
10/10
discordratpersistenceratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTI2OTIyMjMyMjIyOTczOTUzMg.GyI708.Ijt-1CqRhtizkyYbNU0tX2q9hIir5_GAAhlryk

  • server_id

    1268848189814079488

Signatures

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\backdoor.exe
    "C:\Users\Admin\AppData\Local\Temp\backdoor.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1316
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 1316 -s 596
      2⤵
        PID:2920

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1316-0-0x000007FEF5DD3000-0x000007FEF5DD4000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1316-1-0x000000013FB50000-0x000000013FB68000-memory.dmp

      Filesize

      96KB

      Download

    • memory/1316-2-0x000007FEF5DD0000-0x000007FEF67BC000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/1316-3-0x000007FEF5DD3000-0x000007FEF5DD4000-memory.dmp

      Filesize

      4KB

      Download