discordrat | 0e89fe206e122ff6d77629a6f3f571940d0d58fc5443b122121ba8ff44ae9bee

Analysis

max time kernel
30s
max time network
31s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
27-10-2024 21:14

Target

wompvira.exe
Size

78KB
MD5

8fa33bd052ca49d5db90e580f3707646
SHA1

08bff2f9b23632007d238c7c421bf65b9ae61e3b
SHA256

0e89fe206e122ff6d77629a6f3f571940d0d58fc5443b122121ba8ff44ae9bee
SHA512

507f3f9069a6e0e517fdf18a4c1f0c4c1eca00fc576054644519a6d759e50f00164c7389eddaed8dee2996b0bad08592f58d23eccaa4619ab7aa82e6d8840665
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+IPIC:5Zv5PDwbjNrmAE+MIC

Score

10^/10

Family

discordrat

Attributes

discord_token
MTI5ODIyNjA4NTc1ODExMTc2NA.GNb0Gh.XD-VrD0uVCmr7b_dPeb0Cfo1NvodffqZZAe5Tg
server_id
1298179555571273738

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

wompvira.exe

description pid process

Token: SeDebugPrivilege 3628 wompvira.exe

description	pid	process
Token: SeDebugPrivilege	3628	wompvira.exe

C:\Users\Admin\AppData\Local\Temp\wompvira.exe
"C:\Users\Admin\AppData\Local\Temp\wompvira.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3628

memory/3628-0-0x00007FFC18A33000-0x00007FFC18A35000-memory.dmp

Filesize
8KB

Download
memory/3628-1-0x00000188F8C20000-0x00000188F8C38000-memory.dmp

Filesize
96KB

Download
memory/3628-2-0x00000188FB270000-0x00000188FB432000-memory.dmp

Filesize
1.8MB

Download
memory/3628-3-0x00007FFC18A30000-0x00007FFC194F1000-memory.dmp

Filesize
10.8MB

Download
memory/3628-4-0x00000188FBA70000-0x00000188FBF98000-memory.dmp

Filesize
5.2MB

Download
memory/3628-5-0x00007FFC18A30000-0x00007FFC194F1000-memory.dmp

Filesize
10.8MB

Download