discordrat | 337677f443812d6ff372f94eb34f56b0068cac52c9843f06c7d1f3804b1994b8

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
13-09-2024 20:09

Target

a73d13bdc160d00eeec0f9f8f3266420N.exe
Size

78KB
MD5

a73d13bdc160d00eeec0f9f8f3266420
SHA1

91597d9a65aa72408cc5b5deb8ee8f9e1e66ea9b
SHA256

337677f443812d6ff372f94eb34f56b0068cac52c9843f06c7d1f3804b1994b8
SHA512

c0cb115f348dc1622a6849fe9d6b82513030163f99bf6b1c061303d009dbde55b87d8f4b0267715422606a7b4ca1c20a5b966d4cbb8d8cef8e533b445a423c30
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+SPIC:5Zv5PDwbjNrmAE+eIC

Score

10^/10

Family

discordrat

Attributes

discord_token
MTI4MTY0MjUxMzYwNTU5MTE3NQ.GjNS81.l2_LPAekuQDgGOcLkBw3WkM9V5lIp0q2JT26is
server_id
1281679840193544192

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2112 wrote to memory of 2700	2112	a73d13bdc160d00eeec0f9f8f3266420N.exe	30
PID 2112 wrote to memory of 2700	2112	a73d13bdc160d00eeec0f9f8f3266420N.exe	30
PID 2112 wrote to memory of 2700	2112	a73d13bdc160d00eeec0f9f8f3266420N.exe	30

C:\Users\Admin\AppData\Local\Temp\a73d13bdc160d00eeec0f9f8f3266420N.exe
"C:\Users\Admin\AppData\Local\Temp\a73d13bdc160d00eeec0f9f8f3266420N.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2112
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2112 -s 596
  2⤵
  PID:2700

memory/2112-0-0x000007FEF5753000-0x000007FEF5754000-memory.dmp

Filesize
4KB

Download
memory/2112-1-0x000000013F170000-0x000000013F188000-memory.dmp

Filesize
96KB

Download
memory/2112-2-0x000007FEF5750000-0x000007FEF613C000-memory.dmp

Filesize
9.9MB

Download
memory/2112-3-0x000007FEF5753000-0x000007FEF5754000-memory.dmp

Filesize
4KB

Download
memory/2112-4-0x000007FEF5750000-0x000007FEF613C000-memory.dmp

Filesize
9.9MB

Download