Analysis Overview
SHA256
c13a0cd7c2c2fd577703bff026b72ed81b51266afa047328c8ff1c4a4d965c97
Threat Level: Known bad
The file release.zip was found to be: Known bad.
Malicious Activity Summary
Discord RAT
Discordrat family
System Location Discovery: System Language Discovery
Unsigned PE
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-09-10 23:24
Signatures
Discordrat family
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral3
Detonation Overview
Submitted
2024-09-10 23:24
Reported
2024-09-10 23:27
Platform
win10-20240404-en
Max time kernel
148s
Max time network
151s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dnlib.dll,#1
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-09-10 23:24
Reported
2024-09-10 23:27
Platform
win10-20240404-en
Max time kernel
107s
Max time network
54s
Command Line
Signatures
Discord RAT
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Release\Discord rat.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Release\Discord rat.exe
"C:\Users\Admin\AppData\Local\Temp\Release\Discord rat.exe"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | gateway.discord.gg | udp |
Files
memory/4472-0-0x00007FFC74E63000-0x00007FFC74E64000-memory.dmp
memory/4472-1-0x000001FD7DC30000-0x000001FD7DC48000-memory.dmp
memory/4472-2-0x000001FD18A90000-0x000001FD18C52000-memory.dmp
memory/4472-3-0x00007FFC74E60000-0x00007FFC7584C000-memory.dmp
memory/4472-4-0x00007FFC74E60000-0x00007FFC7584C000-memory.dmp
memory/4472-5-0x00007FFC74E60000-0x00007FFC7584C000-memory.dmp
C:\vcredist2010_x86.log-MSI_vc_red.msi.txt
| MD5 | fe01bf0f4915989b05a0ec8202468dd6 |
| SHA1 | 2200b920702b62c77e7b85fe7140e7783f12f61f |
| SHA256 | c25c9c5f679c128d00d8f30fd980a8210ebf85a0ed793d4c0b27075afa937e91 |
| SHA512 | a85d49ee1346408ab0dc7bfd04661dfd10db800106197963e391dd79b9087e5aa2116b3754a79e5516e5c079b3241e768f320b9ed910e6b95aa76f112c9ad740 |
C:\vcredist2012_x64_0_vcRuntimeMinimum_x64.log
| MD5 | c4f61c6c6b3a1e3a7c49e60879dfd7db |
| SHA1 | c2ad0ff8ba65e0687a44fc3bdfdd8acb7b706aff |
| SHA256 | cddb55cbd4e020265289d22de8178ca2c6e255b6de3245a69462860d638574db |
| SHA512 | 0ffbd3a9606671368c6e299f51427d7aa1aca832c077481991d9cf128f2fd7912a683edbba594e842703d8c1e1d8b713c63957062ab0960623326272da63a451 |
C:\vcredist2012_x64_1_vcRuntimeAdditional_x64.log
| MD5 | 726c7eb21f1ab8c673155b0dd2dbf430 |
| SHA1 | 05cccc3cd6e6dad0c39047f133cb74897ccfced2 |
| SHA256 | a1537d8eb5380375836c3da7c3c3cb1b258c64bf45d2eed4b60be7b9902ecd7f |
| SHA512 | 063f9eeb7b0da6ffb92fd85ee52791c241bb87ff9fcc3a8e518c2f2ef9fed2b11a28ce9121fbbc510a6aa7f4f9c0764ae45be40e59da5f90ebfe0c038240ba8c |
C:\vcredist2012_x86_0_vcRuntimeMinimum_x86.log
| MD5 | 2146832e7586e02d844e9c73363e6f26 |
| SHA1 | 60ad831c9a2c57a5f9983594a5951f0d634bb0ad |
| SHA256 | bb1dd0691f230be09d42caafbb0a26682a2b32cd484ee1f5f5b02afbbccf779c |
| SHA512 | b6a2de026b0a5fbb011f158d6190bc4ed598a26b79f01ea0e449aff3de05aff369a9c403387572368f1cc768b7e5b02177cff903f2996d0de49a008e27c4969b |
C:\vcredist2012_x86_1_vcRuntimeAdditional_x86.log
| MD5 | 9c3de548d8241bbe9de108c3abde9e41 |
| SHA1 | 9f5fced8af54b51dfa63fda3cc5890348dcd3e18 |
| SHA256 | ee6345de48b6828a76d15ce8e8bcfd3e9038dd10ebff9b2d09207abb05b2f876 |
| SHA512 | df4b42217ffe71e3e486609022c17ee16bd7bc1e26eb7fa3fde95aa1a78920fe0cbfd8751791836d7805b47cb6d675869c77d9e5e7eb5223d4e5e31d428a8740 |
C:\vcredist2013_x64_000_vcRuntimeMinimum_x64.log
| MD5 | 571b18afce29f72f7495a865793ec59f |
| SHA1 | 12edc0ac72e0924b9971ddc0dbf3bf8c0f7cefe5 |
| SHA256 | e501d664c46545dcd8b8182fa902ad5b2ad24dbbaea757d73b7bbdeafe899dbc |
| SHA512 | 28b1365f7181f886c6ba6099ca1c2297189c143c9adc5fe0bee3afa16f0dcc191cf8fc54cfdc4b59a79f1fd908208b30ad9d1d753f0df7ed0924914e3c271dcf |
C:\vcredist2013_x64_001_vcRuntimeAdditional_x64.log
| MD5 | 852455b795c8fccc3982f5f50697bec2 |
| SHA1 | 6e3bf2d624660e5982158d281c9d0d2503c1eeb5 |
| SHA256 | 103300e9b370b4e6efbbdc86e102f6b1c4cf0674ccd5a47b1acb29d584e6c12b |
| SHA512 | c54c9c106d98304c4f7475952776d6e54c1828c9141940276906c4fcab49a0e8b7a56cd240f5e63b6793e6678e0d715f617b4ca5dcdefa59560768fb08a63cdb |
C:\vcredist2013_x86_001_vcRuntimeAdditional_x86.log
| MD5 | 761e1a3225ae0904e4f81f0636345af4 |
| SHA1 | 1d89a2cd0bbb681fde97c6c48d948dcf502ae01e |
| SHA256 | bcb558b00f09d5c7fc5f236b3c65407a67893bf08e6017841c514ad55967d59c |
| SHA512 | 2dae9882c47070455cd91073625a73b0080b35a647c618b576c96bc6570089f2000cac9c7d1ec8f3c27dabc7a1afaab255a9e039701481ce2aee3d5b65ec4856 |
C:\vcredist2013_x86_000_vcRuntimeMinimum_x86.log
| MD5 | 5dab99d548d20c94871e85606c6e8aca |
| SHA1 | 472f1b09921d5e0596d88a8dceec246a1dc067a3 |
| SHA256 | a5710d5dd5804d9aa0012f8317bec7803e4ecf2fe7dd111f05d65f1d170f0e64 |
| SHA512 | 160261b7ee07ff35f2d4090b6146fd489975087224e413e7d84aa1fbbd50372b2647b16c849501b0ef5df01a81425d508b0123d38a34aca7398c3ab2772aaeaf |
C:\vcredist2022_x64_000_vcRuntimeMinimum_x64.log
| MD5 | b392bd74c25d9d08a28d05eed590bd9d |
| SHA1 | 2973c73ef9c67e638066f31dd83f8466673ee574 |
| SHA256 | 85ae96304021e570e09d49d9a48b8689c4c5150f01a463a74a6550430c6ec1fe |
| SHA512 | fb45bb49cf265a5a7a5b07e026a62701fe5bb4cac394c9bab50c6002661e52306842546c6743fcb14a8e5915223a54671bc4995706a9059634c9d1cc5b29f5c6 |
C:\vcredist2022_x86_000_vcRuntimeMinimum_x86.log
| MD5 | 77137cfb7777986a8a97bc5e8d98a214 |
| SHA1 | 629e1c7a51965124134f122ccdaa67d3c8e489c7 |
| SHA256 | 93563a7c7c1f732d8f698bc7caf070b404f047664c1e6d2ce45d1ba1afea2c1e |
| SHA512 | d0942c455b0f4cd6effb3b4e6fc506ae4b545f452b6c2a3e64343f22a86a23b65059d1505c4827eb26111440e89f404b8dd0d2ba76f5329d4e97084214c55260 |
C:\vcredist2022_x64_001_vcRuntimeAdditional_x64.log
| MD5 | a1a9c38034418a0f640cb7973462bfba |
| SHA1 | 3f413a838ab38af76e39bc3a8469932bbb84c0c8 |
| SHA256 | 3881f382428385862ec86b1b6b2b91277c59400de7b438ac4a79b7e2c01f26bc |
| SHA512 | 06384b3801df01b80cc10736705ba097cf1c8aa09166b6d339b0c793616a560a01dbf5ebe24e6833160e50a295e40e36b63de91ebc8ce018a4b3fdbd98c9c000 |
C:\vcredist2022_x86_001_vcRuntimeAdditional_x86.log
| MD5 | 8d748b916f7edd3dd6b6aef91d3c6f6e |
| SHA1 | 3ec655c3c929ccbf97054b8ae69d5b5b0aab9500 |
| SHA256 | 07d074df78ddb8a1ce37176dda33320c433c9b5c87b8a7a44ee4ce79fe2aa336 |
| SHA512 | 8f6cf15334d440a1f2c9e891f3e322ec69bd6e3e200cfd14660c6e5b9ca985330e2422edb4c4626be2a1eb4b4029d9cde6b2852b91c659e83b935fca6cdd8990 |
C:\PerfLogs
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
Analysis: behavioral2
Detonation Overview
Submitted
2024-09-10 23:24
Reported
2024-09-10 23:27
Platform
win10-20240404-en
Max time kernel
147s
Max time network
151s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\builder.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\builder.exe
"C:\Users\Admin\AppData\Local\Temp\builder.exe"
Network
Files
memory/164-0-0x000000007321E000-0x000000007321F000-memory.dmp
memory/164-1-0x0000000000A90000-0x0000000000A98000-memory.dmp
memory/164-2-0x0000000005770000-0x0000000005C6E000-memory.dmp
memory/164-3-0x0000000005310000-0x00000000053A2000-memory.dmp
memory/164-4-0x0000000005300000-0x000000000530A000-memory.dmp
memory/164-5-0x0000000073210000-0x00000000738FE000-memory.dmp
memory/164-6-0x000000007321E000-0x000000007321F000-memory.dmp
memory/164-7-0x0000000073210000-0x00000000738FE000-memory.dmp
memory/164-8-0x00000000085F0000-0x0000000008712000-memory.dmp