discordrat | 55e9df87190d0765667443af1ec079c92498ac3dc72e6966d4c2f53abffe0ecb

Analysis

max time kernel
112s
max time network
18s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
14-09-2024 07:28

Target

Clientbuilt.exe
Size

78KB
MD5

07ebe59f705ac20daf9402f3d4403b45
SHA1

4cfb3c7d3bc527db0640bf12140598de8ecaee0b
SHA256

55e9df87190d0765667443af1ec079c92498ac3dc72e6966d4c2f53abffe0ecb
SHA512

0a914a609b717b8842ae7c466bc6e1c2f953738c93efd5809fdaab0a3fde53453fdb3d299877e3179a342b085e53073abadb702293eca65f8e3aebb53961be0d
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+MPIC:5Zv5PDwbjNrmAE+gIC

Score

10^/10

Family

discordrat

Attributes

discord_token
MTI4NDM0NjI4ODY5MDY5NjI3Ng.GW2MqP.WG1Z-ODemrOVH19RaMxrUttKczrKeK7mAUt5pc
server_id
1284345300428918815

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2564 wrote to memory of 2348	2564	Clientbuilt.exe	29
PID 2564 wrote to memory of 2348	2564	Clientbuilt.exe	29
PID 2564 wrote to memory of 2348	2564	Clientbuilt.exe	29

C:\Users\Admin\AppData\Local\Temp\Clientbuilt.exe
"C:\Users\Admin\AppData\Local\Temp\Clientbuilt.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2564
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2564 -s 596
  2⤵
  PID:2348

memory/2564-0-0x000007FEF6203000-0x000007FEF6204000-memory.dmp

Filesize
4KB

Download
memory/2564-1-0x000000013F9B0000-0x000000013F9C8000-memory.dmp

Filesize
96KB

Download
memory/2564-2-0x000007FEF6200000-0x000007FEF6BEC000-memory.dmp

Filesize
9.9MB

Download
memory/2564-3-0x000007FEF6203000-0x000007FEF6204000-memory.dmp

Filesize
4KB

Download
memory/2564-4-0x000007FEF6200000-0x000007FEF6BEC000-memory.dmp

Filesize
9.9MB

Download