Overview

overview

10

Static

static

10

Client/Cli...lt.exe

windows7-x64

10

Client/Cli...lt.exe

windows10-2004-x64

10

Resubmissions

07-11-2024 06:52

241107-hnee6ayanp 10

07-11-2024 06:51

241107-hmnx7sxjaz 10

07-11-2024 06:49

241107-hlwawswrhz 10

07-11-2024 06:48

241107-hk3ctayaln 10

07-11-2024 06:45

241107-hjdcasyajl 10

05-11-2024 18:32

241105-w6ncnswcqe 10

Analysis

  • max time kernel
    92s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07-11-2024 06:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Client/Client-built.exe

  • Size

    78KB

  • MD5

    7e60d19b97042f52c18c1d924aec839f

  • SHA1

    44fa1257c07125d6f2300145cde7e112db18d8e6

  • SHA256

    bb8a88f17cdb00aeb4c1edf3361b7d835ab7ca1de83c9b08a1b7a34d9197bcdd

  • SHA512

    09c1fabef784040dbc87b49994294ee104f72bdfdbdb705bbea0c21bddff376edfb7bb4195af148a00d6342e7c4703a585b085bcb4aaa6e8939d2728947e5123

  • SSDEEP

    1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+obPIC:5Zv5PDwbjNrmAE+oTIC

Score
10/10
discordratpersistenceratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTMwMjYzMjM5NzQ4MDc5MjExNQ.G54kHc.dXC4p2G7m3XikvtpmbIepFkTto52Uc1y1nNfUQ

  • server_id

    1302402013232894144

Signatures

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat
  • Discordrat family
    discordrat
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Client\Client-built.exe
    "C:\Users\Admin\AppData\Local\Temp\Client\Client-built.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4524

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4524-0-0x00007FF81EDB3000-0x00007FF81EDB5000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4524-1-0x000002C0F6250000-0x000002C0F6268000-memory.dmp

    Filesize

    96KB

    Download

  • memory/4524-2-0x000002C0F8820000-0x000002C0F89E2000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/4524-3-0x00007FF81EDB0000-0x00007FF81F871000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4524-4-0x000002C0F9020000-0x000002C0F9548000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/4524-5-0x00007FF81EDB0000-0x00007FF81F871000-memory.dmp

    Filesize

    10.8MB

    Download