Overview

overview

10

Static

static

10

Yizzymenu3....0.exe

windows7-x64

10

Yizzymenu3....0.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    139s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17-10-2024 23:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Yizzymenu3.PNMu_O27.5.0.exe

  • Size

    78KB

  • MD5

    1c89810efb6940a313a1c4fe4dc0becf

  • SHA1

    c24f3be128e54d65bc4a0307c2b6b7fe15a7ef02

  • SHA256

    5f037f6aa2a4f018d462a0b636bbce9ee0c5df16e2d4a7535e0b0539c19ef772

  • SHA512

    c4f92971ef66215b415a7d3c1de433dbec63c9f9d9e26c8822b3dc2041939e9a95c72f80274d3995d452a4567ca208cc8434fe6ce0c65af5c443860f12138eac

  • SSDEEP

    1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+hPIC:5Zv5PDwbjNrmAE+xIC

Score
10/10
discordratpersistenceratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTI5NDg3MDQ2MDkzMjI5Njg0Ng.GN6Nk1.90eLf8IhopBLV0mFSsHaYOzQGeDi8ASxB0uhPo

  • server_id

    1294871305002160199

Signatures

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Yizzymenu3.PNMu_O27.5.0.exe
    "C:\Users\Admin\AppData\Local\Temp\Yizzymenu3.PNMu_O27.5.0.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3976

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3976-0-0x00007FFBC4243000-0x00007FFBC4245000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3976-1-0x0000021AB6EF0000-0x0000021AB6F08000-memory.dmp

    Filesize

    96KB

    Download

  • memory/3976-2-0x0000021AD1640000-0x0000021AD1802000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/3976-3-0x00007FFBC4240000-0x00007FFBC4D01000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3976-4-0x0000021AD1D40000-0x0000021AD2268000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/3976-5-0x00007FFBC4243000-0x00007FFBC4245000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3976-6-0x00007FFBC4240000-0x00007FFBC4D01000-memory.dmp

    Filesize

    10.8MB

    Download