Analysis Overview
SHA256
a0bcb2876aec1eb2173e2f49c3cc1548ce04f38a593ed04d24ff0e3045c0faf6
Threat Level: Known bad
The file Client-built.zip was found to be: Known bad.
Malicious Activity Summary
Discordrat family
Discord RAT
Unsigned PE
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-09-05 11:54
Signatures
Discordrat family
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral7
Detonation Overview
Submitted
2024-09-05 11:54
Reported
2024-09-05 12:53
Platform
debian12-mipsel-20240221-en
Max time kernel
0s
Command Line
Signatures
Processes
/tmp/Client-built.exe
[/tmp/Client-built.exe]
Network
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-09-05 11:54
Reported
2024-09-05 12:54
Platform
debian9-armhf-20240611-en
Max time kernel
0s
Command Line
Signatures
Processes
/tmp/Client-built.exe
[/tmp/Client-built.exe]
Network
Files
Analysis: behavioral9
Detonation Overview
Submitted
2024-09-05 11:54
Reported
2024-09-05 12:53
Platform
debian9-mipsbe-20240729-en
Max time kernel
0s
Command Line
Signatures
Processes
/tmp/Client-built.exe
[/tmp/Client-built.exe]
Network
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-09-05 11:54
Reported
2024-09-05 13:17
Platform
win11-20240802-en
Max time kernel
437s
Max time network
1159s
Command Line
Signatures
Discord RAT
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Client-built.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Client-built.exe
"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | gateway.discord.gg | udp |
| US | 162.159.136.234:443 | gateway.discord.gg | tcp |
Files
memory/1328-0-0x00007FF9D67F3000-0x00007FF9D67F5000-memory.dmp
memory/1328-1-0x00000149D2D10000-0x00000149D2D28000-memory.dmp
memory/1328-2-0x00000149ED3E0000-0x00000149ED5A2000-memory.dmp
memory/1328-3-0x00007FF9D67F0000-0x00007FF9D72B2000-memory.dmp
memory/1328-4-0x00000149EE750000-0x00000149EEC78000-memory.dmp
memory/1328-5-0x00007FF9D67F3000-0x00007FF9D67F5000-memory.dmp
memory/1328-6-0x00007FF9D67F0000-0x00007FF9D72B2000-memory.dmp
Analysis: behavioral4
Detonation Overview
Submitted
2024-09-05 11:54
Reported
2024-09-05 13:17
Platform
macos-20240711.1-en
Max time kernel
368s
Max time network
1801s
Command Line
Signatures
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/Client-built.exe"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/Client-built.exe"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/Client-built.exe]
/bin/zsh
[/bin/zsh -c /Users/run/Client-built.exe]
/Users/run/Client-built.exe
[/Users/run/Client-built.exe]
/usr/libexec/xpcproxy
[xpcproxy com.apple.spindump]
/usr/sbin/spindump
[/usr/sbin/spindump]
/usr/libexec/xpcproxy
[xpcproxy com.apple.diagnosticd]
/usr/libexec/diagnosticd
[/usr/libexec/diagnosticd]
Network
Files
Analysis: behavioral10
Detonation Overview
Submitted
2024-09-05 11:54
Reported
2024-09-05 12:53
Platform
debian9-mipsel-20240729-en
Max time kernel
0s
Command Line
Signatures
Processes
/tmp/Client-built.exe
[/tmp/Client-built.exe]
Network
Files
Analysis: behavioral12
Detonation Overview
Submitted
2024-09-05 11:54
Reported
2024-09-05 12:53
Platform
ubuntu2004-amd64-20240729-en
Max time kernel
0s
Max time network
0s
Command Line
Signatures
Processes
/tmp/Client-built.exe
[/tmp/Client-built.exe]
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | N/A | udp |
Files
Analysis: behavioral13
Detonation Overview
Submitted
2024-09-05 11:54
Reported
2024-09-05 12:53
Platform
ubuntu2204-amd64-20240729-en
Max time kernel
0s
Command Line
Signatures
Processes
/tmp/Client-built.exe
[/tmp/Client-built.exe]
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-09-05 11:54
Reported
2024-09-05 13:16
Platform
win10v2004-20240802-en
Max time kernel
429s
Max time network
1151s
Command Line
Signatures
Discord RAT
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Client-built.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Client-built.exe
"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | gateway.discord.gg | udp |
| US | 162.159.130.234:443 | gateway.discord.gg | tcp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.130.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.178.89.13.in-addr.arpa | udp |
Files
memory/540-0-0x00007FF8D9623000-0x00007FF8D9625000-memory.dmp
memory/540-1-0x00000216A9390000-0x00000216A93A8000-memory.dmp
memory/540-2-0x00000216C3B70000-0x00000216C3D32000-memory.dmp
memory/540-3-0x00007FF8D9620000-0x00007FF8DA0E1000-memory.dmp
memory/540-4-0x00000216C4270000-0x00000216C4798000-memory.dmp
memory/540-5-0x00007FF8D9623000-0x00007FF8D9625000-memory.dmp
memory/540-6-0x00007FF8D9620000-0x00007FF8DA0E1000-memory.dmp
Analysis: behavioral6
Detonation Overview
Submitted
2024-09-05 11:54
Reported
2024-09-05 12:53
Platform
debian12-armhf-20240221-en
Max time kernel
0s
Max time network
6s
Command Line
Signatures
Processes
/tmp/Client-built.exe
[/tmp/Client-built.exe]
Network
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-09-05 11:54
Reported
2024-09-05 13:19
Platform
macos-20240711.1-en
Max time kernel
365s
Max time network
1653s
Command Line
Signatures
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/Client-built.exe"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/Client-built.exe"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/Client-built.exe]
/bin/zsh
[/bin/zsh -c /Users/run/Client-built.exe]
/Users/run/Client-built.exe
[/Users/run/Client-built.exe]
/bin/launchctl
[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon]
/bin/launchctl
[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon]
/usr/libexec/xpcproxy
[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]
/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.spindump]
/usr/sbin/spindump
[/usr/sbin/spindump]
/usr/libexec/xpcproxy
[xpcproxy com.apple.diagnosticd]
/usr/libexec/diagnosticd
[/usr/libexec/diagnosticd]
Network
Files
Analysis: behavioral11
Detonation Overview
Submitted
2024-09-05 11:54
Reported
2024-09-05 12:53
Platform
ubuntu1804-amd64-20240729-en
Max time kernel
0s
Command Line
Signatures
Processes
/tmp/Client-built.exe
[/tmp/Client-built.exe]
Network
Files
Analysis: behavioral14
Detonation Overview
Submitted
2024-09-05 11:54
Reported
2024-09-05 12:53
Platform
ubuntu2404-amd64-20240729-en
Max time kernel
0s
Max time network
0s
Command Line
Signatures
Processes
/tmp/Client-built.exe
[/tmp/Client-built.exe]
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | N/A | udp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-09-05 11:54
Reported
2024-09-05 13:14
Platform
win10-20240404-en
Max time kernel
615s
Max time network
1608s
Command Line
Signatures
Discord RAT
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Client-built.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Client-built.exe
"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | gateway.discord.gg | udp |
| US | 162.159.134.234:443 | gateway.discord.gg | tcp |
| US | 8.8.8.8:53 | 234.134.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| NL | 52.142.223.178:80 | N/A | tcp |
| US | 8.8.8.8:53 | 167.57.26.184.in-addr.arpa | udp |
Files
memory/1424-0-0x00007FF8C9B73000-0x00007FF8C9B74000-memory.dmp
memory/1424-1-0x0000016ABB510000-0x0000016ABB528000-memory.dmp
memory/1424-2-0x0000016AD5C50000-0x0000016AD5E12000-memory.dmp
memory/1424-3-0x00007FF8C9B70000-0x00007FF8CA55C000-memory.dmp
memory/1424-4-0x0000016AD6450000-0x0000016AD6976000-memory.dmp
memory/1424-5-0x00007FF8C9B73000-0x00007FF8C9B74000-memory.dmp
memory/1424-6-0x00007FF8C9B70000-0x00007FF8CA55C000-memory.dmp