discordrat | 9c3a2642864d1680716134111aa3ce37cf1f99829a4d8301b4972230358389ec

Analysis

max time kernel
122s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
28-10-2024 17:16

Target

Discord.exe
Size

51KB
MD5

85f1a70f2760fc2b1c9dd2e11d178548
SHA1

c92415eb189ebb19efa29a1be6eeea7421d2eabc
SHA256

9c3a2642864d1680716134111aa3ce37cf1f99829a4d8301b4972230358389ec
SHA512

f5a8e36d502992f733dd5473d6146bd0a1b3f17a7377b62f2f628318cccf9cec236ea6bac268d9a4377ea12cd4d984f4b59553d4c5de2481bcb710f20d5a2aef
SSDEEP

1536:eblM7Vomh/iB3O0jMOnC5zMHSd94Mu9/f7WWLEI:ebG71/a3NPCOQE7Z

Score

10^/10

Family

discordrat

Attributes

discord_token
MTI5Njg5NDEwMjY0NTkwMzQwMA.GffxcT.wWuk4gdi5T-RNzCLfFQ4XgAEMO4ZjpXcRu5E5Y
server_id
1293738586679672945

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

Discord.exe

description	pid	process	target process
PID 2128 wrote to memory of 2816	2128	Discord.exe	WerFault.exe
PID 2128 wrote to memory of 2816	2128	Discord.exe	WerFault.exe
PID 2128 wrote to memory of 2816	2128	Discord.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\Discord.exe
"C:\Users\Admin\AppData\Local\Temp\Discord.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2128
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2128 -s 632
  2⤵
  PID:2816

memory/2128-0-0x000007FEF59E3000-0x000007FEF59E4000-memory.dmp

Filesize
4KB

Download
memory/2128-1-0x000000013FEB0000-0x000000013FEC2000-memory.dmp

Filesize
72KB

Download
memory/2128-2-0x0000000000740000-0x0000000000758000-memory.dmp

Filesize
96KB

Download
memory/2128-3-0x000007FEF59E0000-0x000007FEF63CC000-memory.dmp

Filesize
9.9MB

Download
memory/2128-4-0x000007FEF59E0000-0x000007FEF63CC000-memory.dmp

Filesize
9.9MB

Download