discordrat | bbaa30ea37df3080078f35ccd41e6e1c3fe66c81d7c80dda3cf5299af988122c

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
20-09-2024 19:34

Target

Clientbuilt.exe
Size

78KB
MD5

6de48dc636e876d997534aa3c5a1b368
SHA1

02b08b739531593ac72dd2aa92b75e3466428b11
SHA256

bbaa30ea37df3080078f35ccd41e6e1c3fe66c81d7c80dda3cf5299af988122c
SHA512

23b1cdbfbc45b95e205f43e48028e5943a3a7c7c9960291e16ce34dafcb53e0e679523f30cb739bf8926355d3eb7d817d5b97c1fc722b192d9cac2925cb6380c
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+WwPIC:5Zv5PDwbjNrmAE+W0IC

Score

10^/10

Family

discordrat

Attributes

discord_token
MTI4NjcwOTYwMTQwNzg2MDc3Nw.GdbB5d.SstzGRfJxvsS7oS6I1M3fQK9g8R5_he-FnX100
server_id
1286709234360385586

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2216 wrote to memory of 2168	2216	Clientbuilt.exe	31
PID 2216 wrote to memory of 2168	2216	Clientbuilt.exe	31
PID 2216 wrote to memory of 2168	2216	Clientbuilt.exe	31

C:\Users\Admin\AppData\Local\Temp\Clientbuilt.exe
"C:\Users\Admin\AppData\Local\Temp\Clientbuilt.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2216
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2216 -s 600
  2⤵
  PID:2168

memory/2216-0-0x000007FEF5F93000-0x000007FEF5F94000-memory.dmp

Filesize
4KB

Download
memory/2216-1-0x000000013F8A0000-0x000000013F8B8000-memory.dmp

Filesize
96KB

Download
memory/2216-2-0x000007FEF5F90000-0x000007FEF697C000-memory.dmp

Filesize
9.9MB

Download
memory/2216-3-0x000007FEF5F93000-0x000007FEF5F94000-memory.dmp

Filesize
4KB

Download
memory/2216-4-0x000007FEF5F90000-0x000007FEF697C000-memory.dmp

Filesize
9.9MB

Download