discordrat | 431e6b5ebcd4e520a35b2c366a2736a3fa7d6f195ff38c2da5d0ee10c4752116

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
25-09-2024 00:24

Target

Clientbuilt.exe
Size

78KB
MD5

9c67c865764971c010db67b16d8e54f6
SHA1

6d367057324850064d8c123ee0945aa26bec6919
SHA256

431e6b5ebcd4e520a35b2c366a2736a3fa7d6f195ff38c2da5d0ee10c4752116
SHA512

11300538f58dbdcca5a5a11a0abf1eae43da1b76aec45c9b677c7179afe9c7f7c9c3e2199d57e15d934e9263db90d504cecd45680760460c7383ad7a55493cc2
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+YPIC:5Zv5PDwbjNrmAE+8IC

Score

10^/10

Family

discordrat

Attributes

discord_token
MTI4NzUyNTQzNTEwMTQxMzM4Ng.GtVbx7.FvF0h4lHuVyBkh2WkhKv1Rt6LYO2DeIhhC7B4w
server_id
1284556619035836428

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2548 wrote to memory of 1524	2548	Clientbuilt.exe	30
PID 2548 wrote to memory of 1524	2548	Clientbuilt.exe	30
PID 2548 wrote to memory of 1524	2548	Clientbuilt.exe	30

C:\Users\Admin\AppData\Local\Temp\Clientbuilt.exe
"C:\Users\Admin\AppData\Local\Temp\Clientbuilt.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2548
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2548 -s 596
  2⤵
  PID:1524

memory/2548-0-0x000007FEF5D43000-0x000007FEF5D44000-memory.dmp

Filesize
4KB

Download
memory/2548-1-0x000000013F360000-0x000000013F378000-memory.dmp

Filesize
96KB

Download
memory/2548-2-0x000007FEF5D40000-0x000007FEF672C000-memory.dmp

Filesize
9.9MB

Download
memory/2548-3-0x000007FEF5D43000-0x000007FEF5D44000-memory.dmp

Filesize
4KB

Download
memory/2548-4-0x000007FEF5D40000-0x000007FEF672C000-memory.dmp

Filesize
9.9MB

Download