discordrat | b0b56c34b11b0b0d4c2e99f32a222346ea88bacd97d6b9673dfffee91daee1ef

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
03-08-2024 13:56

Target

a62ce24a252b32046e1749508b00a4e0N.exe
Size

78KB
MD5

a62ce24a252b32046e1749508b00a4e0
SHA1

c2710bf45b18b69fbc0d9046a7b92472e8b6b404
SHA256

b0b56c34b11b0b0d4c2e99f32a222346ea88bacd97d6b9673dfffee91daee1ef
SHA512

7a0dfd22ea7d6a8826e4414a72e435deda7e5e12bea1844f6413de986ebd6db46a9af6122176a8235de6f38d5429eb338198a36ee027c829f04836d721dbe6b9
SSDEEP

1536:i2WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+1PIS:iZv5PDwbjNrmAE+lIS

Score

10^/10

Family

discordrat

Attributes

discord_token
MTI1MDExOTQ0MDQwMjQ4NTMzMA.Ge_nb9.bOZ6uIVIsB-r7_5Obut7NbrQdA-19MP5qhjASM
server_id
1250120668813594766

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2244 wrote to memory of 2800	2244	a62ce24a252b32046e1749508b00a4e0N.exe	30
PID 2244 wrote to memory of 2800	2244	a62ce24a252b32046e1749508b00a4e0N.exe	30
PID 2244 wrote to memory of 2800	2244	a62ce24a252b32046e1749508b00a4e0N.exe	30

C:\Users\Admin\AppData\Local\Temp\a62ce24a252b32046e1749508b00a4e0N.exe
"C:\Users\Admin\AppData\Local\Temp\a62ce24a252b32046e1749508b00a4e0N.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2244
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2244 -s 596
  2⤵
  PID:2800

memory/2244-0-0x000007FEF59E3000-0x000007FEF59E4000-memory.dmp

Filesize
4KB

Download
memory/2244-1-0x000000013FF80000-0x000000013FF98000-memory.dmp

Filesize
96KB

Download
memory/2244-2-0x000007FEF59E0000-0x000007FEF63CC000-memory.dmp

Filesize
9.9MB

Download
memory/2244-3-0x000007FEF59E3000-0x000007FEF59E4000-memory.dmp

Filesize
4KB

Download
memory/2244-4-0x000007FEF59E0000-0x000007FEF63CC000-memory.dmp

Filesize
9.9MB

Download