Analysis
-
max time kernel
117s -
max time network
117s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system -
submitted
18-10-2024 11:38
Behavioral task
behavioral1
Sample
Bypasser Bootstrapper.exe
Resource
win7-20240903-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
Bypasser Bootstrapper.exe
Resource
win10v2004-20241007-en
2 signatures
150 seconds
General
-
Target
Bypasser Bootstrapper.exe
-
Size
78KB
-
MD5
7034301e3ac031e461bac41724e99e6a
-
SHA1
7bd734437f0b19c7747aba31052c483435daa752
-
SHA256
1c8b0bc47959a8a4ccf8f4fb503a4140e64c061b6caab1e7b928c57c8b384626
-
SHA512
08d372de93dc286e4cbb92985accec6bbe05d303a4b3bdfbfc8f9a52e32c53290f25559d2d2c1647f5b8f6eed3784847e8bbcaa8a6a7076a45c91ab1dce7bc39
-
SSDEEP
1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+vPIC:5Zv5PDwbjNrmAE+XIC
Score
10/10
Malware Config
Extracted
Family
discordrat
Attributes
-
discord_token
MTI5Njc5NzcxODY3NjUwODcxMg.GrzRRI.D-De87vmLBpcyR4TeswbQ1RxxK-0yfr_6Sp90Y
-
server_id
1296796257108365374
Signatures
-
Discord RAT
A RAT written in C# using Discord as a C2.
-
Suspicious use of WriteProcessMemory 3 IoCs
description    pid    Process    procid_target
PID 2032 wrote to memory of 2372    2032    Bypasser Bootstrapper.exe    30
PID 2032 wrote to memory of 2372    2032    Bypasser Bootstrapper.exe    30
PID 2032 wrote to memory of 2372    2032    Bypasser Bootstrapper.exe    30