discordrat | d38d52777b043c46f4f241c8a1eeda0d08b12505e25a8c1a397510a2ef4a56df

Analysis

max time kernel
4s
max time network
6s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19-10-2024 00:05

Target

ImageLoggerV11.exe
Size

78KB
MD5

d47e60cdf412679d941d7b856de3c03b
SHA1

cf691f86748de092b9cc53e7b8dea2bbf93b5882
SHA256

d38d52777b043c46f4f241c8a1eeda0d08b12505e25a8c1a397510a2ef4a56df
SHA512

930dee3eaafbd97ca4f0e532232dd335924951cc15dc7869f7202b21906ad5648d77f98668020ea504462aecad268b61b47c1235e35c07ee5cfb0de227bf7498
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+IPIC:5Zv5PDwbjNrmAE+MIC

Score

10^/10

Family

discordrat

Attributes

discord_token
MTI4MjMzMjU4Njg1MjYxODMxMw.GVoFcd.wdWPIpLUemPy5G5hca2UTsOqgZ9t0eCcUCVik8
server_id
1282332626874794170

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2948	ImageLoggerV11.exe

C:\Users\Admin\AppData\Local\Temp\ImageLoggerV11.exe
"C:\Users\Admin\AppData\Local\Temp\ImageLoggerV11.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2948

memory/2948-0-0x00007FF9DC683000-0x00007FF9DC685000-memory.dmp

Filesize
8KB

Download
memory/2948-1-0x000001EAD18A0000-0x000001EAD18B8000-memory.dmp

Filesize
96KB

Download
memory/2948-2-0x000001EAEBEE0000-0x000001EAEC0A2000-memory.dmp

Filesize
1.8MB

Download
memory/2948-3-0x00007FF9DC680000-0x00007FF9DD141000-memory.dmp

Filesize
10.8MB

Download
memory/2948-4-0x000001EAEC6E0000-0x000001EAECC08000-memory.dmp

Filesize
5.2MB

Download