discordrat | afc5e65ac31663013e7efab4921f5a8311353e71b421b0b1ab2f663bfd34ff85

Resubmissions

13-10-2024 20:59

13-10-2024 19:41

max time kernel
3s
max time network
5s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
13-10-2024 19:41

Target

Password cracker.exe
Size

78KB
MD5

a2d98167d1ad7f67b00c11d092ae9b2c
SHA1

d9a0e16ba8af29dfadc42a77c8f3d56aa2ed0dcc
SHA256

afc5e65ac31663013e7efab4921f5a8311353e71b421b0b1ab2f663bfd34ff85
SHA512

0d0c131a44b4efb17df2caf5351ff6c2b215b123a890b93fc3d1a2bb301f188483ba17648bc988215975be23bcc818ee4b3d31dffd19015685dcb3c9e49cb6c9
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+IPIC:5Zv5PDwbjNrmAE+MIC

Score

10^/10

Family

discordrat

Attributes

discord_token
MTI4ODkzMDY2OTc0NTAxMjc0Nw.G3JLXp.6QmxjyawVfrC6pnYIXqBIPzcGjCXEiheg7SMHA
server_id
1288929253651386379

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3960	Password cracker.exe

C:\Users\Admin\AppData\Local\Temp\Password cracker.exe
"C:\Users\Admin\AppData\Local\Temp\Password cracker.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3960

memory/3960-0-0x00007FFEEB9B3000-0x00007FFEEB9B5000-memory.dmp

Filesize
8KB

Download
memory/3960-1-0x00000187D5580000-0x00000187D5598000-memory.dmp

Filesize
96KB

Download
memory/3960-2-0x00000187EFBD0000-0x00000187EFD92000-memory.dmp

Filesize
1.8MB

Download
memory/3960-3-0x00007FFEEB9B0000-0x00007FFEEC471000-memory.dmp

Filesize
10.8MB

Download
memory/3960-4-0x00000187F04B0000-0x00000187F09D8000-memory.dmp

Filesize
5.2MB

Download