discordrat | 7f63a4691f7d818ef1868d269d38862c0a19dcda170cdb5dd8788d8d451a548c

Analysis

max time kernel
139s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
16-10-2024 20:55

Target

babayanew.exe
Size

78KB
MD5

7209d6899561c71ca335c2d795d67ae3
SHA1

eb5685dbd5db4d2800649dc3fcc57b9a6917d09a
SHA256

7f63a4691f7d818ef1868d269d38862c0a19dcda170cdb5dd8788d8d451a548c
SHA512

cab4cb58746ff45766fd1566e6a3879d5ff85c759ee620fca9d305dfdd85a8c526d1b296683541821b87bd00e6b678a046d5c9c4b7d7badcb8386b4db8029e92
SSDEEP

1536:K2WjO8XeEXF15P7v88wbjNrfxCXhRoKV6+V+VPIC:KZb5PDwbjNrmAE+FIC

Score

10^/10

Family

discordrat

Attributes

discord_token
https://discord.com/api/webhooks/1296206480852127744/QR0Ij0ivxObUlFMF780C3YZ5TxjdP8PCuVx-iht_GGwTaj8HwwmhOy18jEHc0UiQWQO2
server_id
1296206452741902457

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

babayanew.exe

description	pid	Process
Token: SeDebugPrivilege	2900	babayanew.exe

C:\Users\Admin\AppData\Local\Temp\babayanew.exe
"C:\Users\Admin\AppData\Local\Temp\babayanew.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2900

memory/2900-1-0x000001C87D100000-0x000001C87D118000-memory.dmp

Filesize
96KB

Download
memory/2900-0-0x00007FFF612E3000-0x00007FFF612E5000-memory.dmp

Filesize
8KB

Download
memory/2900-2-0x000001C87F7F0000-0x000001C87F9B2000-memory.dmp

Filesize
1.8MB

Download
memory/2900-3-0x00007FFF612E0000-0x00007FFF61DA1000-memory.dmp

Filesize
10.8MB

Download
memory/2900-4-0x000001C818000000-0x000001C818528000-memory.dmp

Filesize
5.2MB

Download
memory/2900-5-0x00007FFF612E0000-0x00007FFF61DA1000-memory.dmp

Filesize
10.8MB

Download