Overview

overview

10

Static

static

10

a73d13bdc1...0N.exe

windows7-x64

10

a73d13bdc1...0N.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    93s
  • max time network
    116s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13-09-2024 20:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a73d13bdc160d00eeec0f9f8f3266420N.exe

  • Size

    78KB

  • MD5

    a73d13bdc160d00eeec0f9f8f3266420

  • SHA1

    91597d9a65aa72408cc5b5deb8ee8f9e1e66ea9b

  • SHA256

    337677f443812d6ff372f94eb34f56b0068cac52c9843f06c7d1f3804b1994b8

  • SHA512

    c0cb115f348dc1622a6849fe9d6b82513030163f99bf6b1c061303d009dbde55b87d8f4b0267715422606a7b4ca1c20a5b966d4cbb8d8cef8e533b445a423c30

  • SSDEEP

    1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+SPIC:5Zv5PDwbjNrmAE+eIC

Score
10/10
discordratpersistenceratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTI4MTY0MjUxMzYwNTU5MTE3NQ.GjNS81.l2_LPAekuQDgGOcLkBw3WkM9V5lIp0q2JT26is

  • server_id

    1281679840193544192

Signatures

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a73d13bdc160d00eeec0f9f8f3266420N.exe
    "C:\Users\Admin\AppData\Local\Temp\a73d13bdc160d00eeec0f9f8f3266420N.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4824

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4824-0-0x00007FFAEDF93000-0x00007FFAEDF95000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4824-1-0x000001CFFFF80000-0x000001CFFFF98000-memory.dmp

    Filesize

    96KB

    Download

  • memory/4824-2-0x000001D0001D0000-0x000001D000392000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/4824-3-0x00007FFAEDF90000-0x00007FFAEEA51000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4824-4-0x000001CF9AC10000-0x000001CF9B138000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/4824-5-0x00007FFAEDF93000-0x00007FFAEDF95000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4824-6-0x00007FFAEDF90000-0x00007FFAEEA51000-memory.dmp

    Filesize

    10.8MB

    Download