Overview

overview

10

Static

static

3

Discord.exe

windows7-x64

10

Discord.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-10-2024 17:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Discord.exe

  • Size

    51KB

  • MD5

    85f1a70f2760fc2b1c9dd2e11d178548

  • SHA1

    c92415eb189ebb19efa29a1be6eeea7421d2eabc

  • SHA256

    9c3a2642864d1680716134111aa3ce37cf1f99829a4d8301b4972230358389ec

  • SHA512

    f5a8e36d502992f733dd5473d6146bd0a1b3f17a7377b62f2f628318cccf9cec236ea6bac268d9a4377ea12cd4d984f4b59553d4c5de2481bcb710f20d5a2aef

  • SSDEEP

    1536:eblM7Vomh/iB3O0jMOnC5zMHSd94Mu9/f7WWLEI:ebG71/a3NPCOQE7Z

Score
10/10
discordratpersistenceratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTI5Njg5NDEwMjY0NTkwMzQwMA.GffxcT.wWuk4gdi5T-RNzCLfFQ4XgAEMO4ZjpXcRu5E5Y

  • server_id

    1293738586679672945

Signatures

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat
  • Discordrat family
    discordrat
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Discord.exe
    "C:\Users\Admin\AppData\Local\Temp\Discord.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2288

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2288-0-0x00007FFF96F53000-0x00007FFF96F55000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2288-1-0x000002704D530000-0x000002704D542000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2288-2-0x000002704F0A0000-0x000002704F0B8000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2288-3-0x0000027067C50000-0x0000027067E12000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2288-4-0x00007FFF96F50000-0x00007FFF97A11000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/2288-5-0x0000027068350000-0x0000027068878000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/2288-6-0x00007FFF96F53000-0x00007FFF96F55000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2288-7-0x00007FFF96F50000-0x00007FFF97A11000-memory.dmp

    Filesize

    10.8MB

    Download