discordrat | 43409f8adcbaae22211ffac1ae7075fd02b8e31e6a045fc5ef33c61e8f80d5f3

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
20-09-2024 12:09

Target

AllizSpoofer.exe
Size

78KB
MD5

fce4de2c4e5a0138fc162ce7e73ffdc2
SHA1

732fcd5f024aa5752b2ef3d8f6ddf0f40e93c714
SHA256

43409f8adcbaae22211ffac1ae7075fd02b8e31e6a045fc5ef33c61e8f80d5f3
SHA512

22be75bed543e2541f37890541eb0e8a2ad526c1c5f1dd7c930a13857f23804dbdf4339772a17d5d40e4b8c24f9b6c5df2ecc3587f8f65b58dc8eff4d09ea406
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+2PIC:5Zv5PDwbjNrmAE+yIC

Score

10^/10

Family

discordrat

Attributes

discord_token
MTI4NjYzMjk0Njg1NzY3MjcwNA.GRnd3c.uBOFgmowGMuT8g9W0s-CmrMTXr5VDVgIZ5biXM
server_id
1286626810435731498

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2328 wrote to memory of 3020	2328	AllizSpoofer.exe	31
PID 2328 wrote to memory of 3020	2328	AllizSpoofer.exe	31
PID 2328 wrote to memory of 3020	2328	AllizSpoofer.exe	31

C:\Users\Admin\AppData\Local\Temp\AllizSpoofer.exe
"C:\Users\Admin\AppData\Local\Temp\AllizSpoofer.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2328
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2328 -s 600
  2⤵
  PID:3020

memory/2328-0-0x000007FEF5D03000-0x000007FEF5D04000-memory.dmp

Filesize
4KB

Download
memory/2328-1-0x000000013F440000-0x000000013F458000-memory.dmp

Filesize
96KB

Download
memory/2328-2-0x000007FEF5D00000-0x000007FEF66EC000-memory.dmp

Filesize
9.9MB

Download
memory/2328-3-0x000007FEF5D03000-0x000007FEF5D04000-memory.dmp

Filesize
4KB

Download
memory/2328-4-0x000007FEF5D00000-0x000007FEF66EC000-memory.dmp

Filesize
9.9MB

Download
memory/2328-5-0x000007FEF5D00000-0x000007FEF66EC000-memory.dmp

Filesize
9.9MB

Download