discordrat | f1a7a28e740662caf951e9cad821f700f179969f01c6189c7c3d2feee6b3c7ad

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
13-08-2024 16:20

Target

deopeggfat.exe
Size

78KB
MD5

b316b49f1a5d60f2ce229a35f460a2dc
SHA1

11f98e06da2838e26048334ce1fb173ead3fdbf4
SHA256

f1a7a28e740662caf951e9cad821f700f179969f01c6189c7c3d2feee6b3c7ad
SHA512

0359fab471b39a9658c372acf0f047e48bc1ba0a0dd23c58d54f497ea7eba996f57b80d1db7d48aefe4bee7bca085784e53cafe3873dc07ba2d22f5334794edd
SSDEEP

1536:t2WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+FPIF:tZv5PDwbjNrmAE+VIF

Score

10^/10

Family

discordrat

Attributes

discord_token
MTI1ODI0ODgxODg5NDQzODU0MQ.GtMqtu.TFdVaB2ncG-zERbucajj-1qChbt7CtWp-x3zsM
server_id
1258106314291286016

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1964 wrote to memory of 2548	1964	deopeggfat.exe	30
PID 1964 wrote to memory of 2548	1964	deopeggfat.exe	30
PID 1964 wrote to memory of 2548	1964	deopeggfat.exe	30

C:\Users\Admin\AppData\Local\Temp\deopeggfat.exe
"C:\Users\Admin\AppData\Local\Temp\deopeggfat.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1964
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1964 -s 600
  2⤵
  PID:2548

memory/1964-0-0x000007FEF60E3000-0x000007FEF60E4000-memory.dmp

Filesize
4KB

Download
memory/1964-1-0x000000013FF90000-0x000000013FFA8000-memory.dmp

Filesize
96KB

Download
memory/1964-2-0x000007FEF60E0000-0x000007FEF6ACC000-memory.dmp

Filesize
9.9MB

Download
memory/1964-3-0x000007FEF60E3000-0x000007FEF60E4000-memory.dmp

Filesize
4KB

Download
memory/1964-4-0x000007FEF60E0000-0x000007FEF6ACC000-memory.dmp

Filesize
9.9MB

Download