discordrat | 9d071c0f4585b9e6db048911dccbefef5ed1101920bff5c315e50e3b487b7198

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
24-08-2024 11:51

Target

Clientbuilt.exe
Size

78KB
MD5

680f63449192a6d032511cefacf46792
SHA1

573cbf939f954ac7f9a03533e6d84821a991eb18
SHA256

9d071c0f4585b9e6db048911dccbefef5ed1101920bff5c315e50e3b487b7198
SHA512

e0708126e55d5ae31e540f24446e595bd31bf67733cf5c764ecc00b8bfbfb9ba275b6c806bdb6b74087a7e4164781d8f1c2ed7b4552cb823ed4ac1c89d25f6a7
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+LPIC:5Zv5PDwbjNrmAE+jIC

Score

10^/10

Family

discordrat

Attributes

discord_token
MTIwMjkyMTM1NjIyMDQzMjM5NA.GZxvDL.Qh43_c3yNYUKixl3jN4zKk1mkY8z_JGihVoFxY
server_id
1202946295204020254

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2520 wrote to memory of 2252	2520	Clientbuilt.exe	30
PID 2520 wrote to memory of 2252	2520	Clientbuilt.exe	30
PID 2520 wrote to memory of 2252	2520	Clientbuilt.exe	30

C:\Users\Admin\AppData\Local\Temp\Clientbuilt.exe
"C:\Users\Admin\AppData\Local\Temp\Clientbuilt.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2520
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2520 -s 596
  2⤵
  PID:2252

memory/2520-0-0x000007FEF66B3000-0x000007FEF66B4000-memory.dmp

Filesize
4KB

Download
memory/2520-1-0x000000013F3A0000-0x000000013F3B8000-memory.dmp

Filesize
96KB

Download
memory/2520-2-0x000007FEF66B0000-0x000007FEF709C000-memory.dmp

Filesize
9.9MB

Download
memory/2520-3-0x000007FEF66B3000-0x000007FEF66B4000-memory.dmp

Filesize
4KB

Download
memory/2520-4-0x000007FEF66B0000-0x000007FEF709C000-memory.dmp

Filesize
9.9MB

Download