discordrat | 84b7efd2c244173234ba7208bf38d432462fa958b40ceefedff524f089b6e208

Analysis

max time kernel
2s
max time network
3s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
22-08-2024 22:54

Target

Spoofer/Hardware Spoofer.exe
Size

78KB
MD5

ef0e02648400217a2439479006ea078e
SHA1

59227c31761b27f1c5dab07c6ea6228946339ce3
SHA256

9515c899651eb0f87902193c595ca7babd947ed36ce0f8c9515f41e6a4b2890b
SHA512

46e4bce6d53d7845f6e3dd3a16e35797c5c4dcee453d21f967b7188b3b1218363b5a6b0a1ad460cf2a35a3114afa7c72858e3efc98fb2035d7191d1cda1af7bc
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+EPIC:5Zv5PDwbjNrmAE+YIC

Score

10^/10

Family

discordrat

Attributes

discord_token
MTExODY1MTM0MDY5MjkzMDU4MA.GyYPbd.gv_mSClOMYmZ_EMjVhy1iGJpGBV4mylJ_ARxXk
server_id
1118654792068251759

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2668	Hardware Spoofer.exe

C:\Users\Admin\AppData\Local\Temp\Spoofer\Hardware Spoofer.exe
"C:\Users\Admin\AppData\Local\Temp\Spoofer\Hardware Spoofer.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2668

memory/2668-0-0x00007FFA0FF63000-0x00007FFA0FF65000-memory.dmp

Filesize
8KB

Download
memory/2668-1-0x0000018694490000-0x00000186944A8000-memory.dmp

Filesize
96KB

Download
memory/2668-2-0x00000186AEA20000-0x00000186AEBE2000-memory.dmp

Filesize
1.8MB

Download
memory/2668-3-0x00007FFA0FF60000-0x00007FFA10A21000-memory.dmp

Filesize
10.8MB

Download
memory/2668-4-0x00000186AF260000-0x00000186AF788000-memory.dmp

Filesize
5.2MB

Download