discordrat | b9351151cb27d1032feae32c5750e65b8e4a47ea67ed86e15d2bc7bd42fd1a64

Analysis

max time kernel
17s
max time network
18s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
23-08-2024 09:15

Target

UnbanTool.exe
Size

78KB
MD5

7588e3039e0ec178557e1f4e8fd00f1a
SHA1

f79933d861349b51006fb36a57cf87d51bf620a9
SHA256

b9351151cb27d1032feae32c5750e65b8e4a47ea67ed86e15d2bc7bd42fd1a64
SHA512

13d8a4df568c0f1bc043d01d0f6014f6a4e40fe89de8d0df7c64b38206ffd45076b8ec435c3e98aab73e1fe6de4a09bc1524b53c2fb9bfe928d1ca8f82e5f88c
SSDEEP

1536:x2WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+oPI+:xZv5PDwbjNrmAE+sI+

Score

10^/10

Family

discordrat

Attributes

discord_token
MTIzODcwNDc5NzIzMDU2MzMzOA.Gl1Mb1.BOAMMTc11iWlaanZj7OcCPTr1tLRToM_Z9aYHY
server_id
1255836848048177255

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2504 wrote to memory of 2316	2504	UnbanTool.exe	29
PID 2504 wrote to memory of 2316	2504	UnbanTool.exe	29
PID 2504 wrote to memory of 2316	2504	UnbanTool.exe	29

C:\Users\Admin\AppData\Local\Temp\UnbanTool.exe
"C:\Users\Admin\AppData\Local\Temp\UnbanTool.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2504
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2504 -s 596
  2⤵
  PID:2316

memory/2504-0-0x000007FEF6523000-0x000007FEF6524000-memory.dmp

Filesize
4KB

Download
memory/2504-1-0x000000013FCA0000-0x000000013FCB8000-memory.dmp

Filesize
96KB

Download
memory/2504-2-0x000007FEF6520000-0x000007FEF6F0C000-memory.dmp

Filesize
9.9MB

Download
memory/2504-3-0x000007FEF6523000-0x000007FEF6524000-memory.dmp

Filesize
4KB

Download
memory/2504-4-0x000007FEF6520000-0x000007FEF6F0C000-memory.dmp

Filesize
9.9MB

Download