discordrat | 428712821ae5e817dac8e5a989649a391360652b6d1cd1037acde05343b7deb2

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
13-09-2024 12:13

Target

TestingRat.exe
Size

51KB
MD5

c51f1ccde301a3e586b3ca5eaa5a850a
SHA1

f247d7df602a01077b301c4b3d649a8246a87833
SHA256

428712821ae5e817dac8e5a989649a391360652b6d1cd1037acde05343b7deb2
SHA512

165d9e4c9a85832c99abc62fba5cb51062e7adb8c6d861004c713bc96951d3bc6d59157b7a56ff205a72c2a40ed59363249a1b6f75bb29073ee0f770b11920d2
SSDEEP

1536:8qi7XngYMy5NY0tIX/ZJFlgrgDVa9/8klWL8W:8Vjg27YtPTgh9HY

Score

10^/10

Family

discordrat

Attributes

discord_token
MTI4MzQ3NTY3MzkxODM0NTIyOA.G0O88D.D1ZSA1MVblUA0OvEih6-1jziKEHTTp-UOWtZQI
server_id
1037097190742560768

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2236 wrote to memory of 2460	2236	TestingRat.exe	30
PID 2236 wrote to memory of 2460	2236	TestingRat.exe	30
PID 2236 wrote to memory of 2460	2236	TestingRat.exe	30

C:\Users\Admin\AppData\Local\Temp\TestingRat.exe
"C:\Users\Admin\AppData\Local\Temp\TestingRat.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2236
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2236 -s 632
  2⤵
  PID:2460

memory/2236-0-0x000007FEF57B3000-0x000007FEF57B4000-memory.dmp

Filesize
4KB

Download
memory/2236-1-0x000000013FBF0000-0x000000013FC02000-memory.dmp

Filesize
72KB

Download
memory/2236-2-0x0000000000140000-0x0000000000158000-memory.dmp

Filesize
96KB

Download
memory/2236-3-0x000007FEF57B0000-0x000007FEF619C000-memory.dmp

Filesize
9.9MB

Download
memory/2236-4-0x000007FEF57B3000-0x000007FEF57B4000-memory.dmp

Filesize
4KB

Download
memory/2236-5-0x000007FEF57B0000-0x000007FEF619C000-memory.dmp

Filesize
9.9MB

Download