discordrat | afc5e65ac31663013e7efab4921f5a8311353e71b421b0b1ab2f663bfd34ff85 | Triage

Resubmissions

13-10-2024 20:59

241013-zsy4ssyand 10

13-10-2024 19:41

241013-yecg7syhkr 10

Analysis

max time kernel
7s
max time network
0s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
13-10-2024 20:59

Sharing

Report Analysis Logs

General

Target

Password cracker.exe
Size

78KB
MD5

a2d98167d1ad7f67b00c11d092ae9b2c
SHA1

d9a0e16ba8af29dfadc42a77c8f3d56aa2ed0dcc
SHA256

afc5e65ac31663013e7efab4921f5a8311353e71b421b0b1ab2f663bfd34ff85
SHA512

0d0c131a44b4efb17df2caf5351ff6c2b215b123a890b93fc3d1a2bb301f188483ba17648bc988215975be23bcc818ee4b3d31dffd19015685dcb3c9e49cb6c9
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+IPIC:5Zv5PDwbjNrmAE+MIC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI4ODkzMDY2OTc0NTAxMjc0Nw.G3JLXp.6QmxjyawVfrC6pnYIXqBIPzcGjCXEiheg7SMHA
server_id
1288929253651386379

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2420 wrote to memory of 2544	2420	Password cracker.exe	30
PID 2420 wrote to memory of 2544	2420	Password cracker.exe	30
PID 2420 wrote to memory of 2544	2420	Password cracker.exe	30

C:\Users\Admin\AppData\Local\Temp\Password cracker.exe
"C:\Users\Admin\AppData\Local\Temp\Password cracker.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2420
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2420 -s 600
  2⤵
  PID:2544

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2420-0-0x000007FEF6443000-0x000007FEF6444000-memory.dmp

Filesize
4KB

Download
memory/2420-1-0x000000013FD80000-0x000000013FD98000-memory.dmp

Filesize
96KB

Download
memory/2420-2-0x000007FEF6440000-0x000007FEF6E2C000-memory.dmp

Filesize
9.9MB

Download
memory/2420-3-0x000007FEF6440000-0x000007FEF6E2C000-memory.dmp

Filesize
9.9MB

Download