discordrat | 0b2000290c6a0593d4d38d48a3692e8695e48a3930ddbd599adb89939ce9fa48 | Triage

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
15-11-2024 17:31

Sharing

Report Analysis Logs

General

Target

Executor test.exe
Size

78KB
MD5

e499b2f8693a8b95cb514e8da9292ba2
SHA1

9aa7621a61b55675d47dde93afffd5c93f8d0a45
SHA256

0b2000290c6a0593d4d38d48a3692e8695e48a3930ddbd599adb89939ce9fa48
SHA512

1ab1ebd37c1e1c0e42b8f163386cc958a7b10e2368e05c02a21a8868cd83bab50828cb72481df1547e71e4315e67e23cd0dd0ebd2ff6bf6c5071d6d0df6d78f5
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+qPIC:5Zv5PDwbjNrmAE+2IC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMwNzAxMTg5MTExNzI5MzYxOQ.GHliN5.TsiZzPneg4QB4RcWj3QXWwh4M8Oq8dVlYDzr0I
server_id
1307011262990782484

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

Executor test.exe

description	pid	process	target process
PID 3060 wrote to memory of 2388	3060	Executor test.exe	WerFault.exe
PID 3060 wrote to memory of 2388	3060	Executor test.exe	WerFault.exe
PID 3060 wrote to memory of 2388	3060	Executor test.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\Executor test.exe
"C:\Users\Admin\AppData\Local\Temp\Executor test.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3060
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3060 -s 600
  2⤵
  PID:2388

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3060-0-0x000007FEF5B63000-0x000007FEF5B64000-memory.dmp

Filesize
4KB

Download
memory/3060-1-0x000000013F730000-0x000000013F748000-memory.dmp

Filesize
96KB

Download
memory/3060-2-0x000007FEF5B60000-0x000007FEF654C000-memory.dmp

Filesize
9.9MB

Download
memory/3060-3-0x000007FEF5B60000-0x000007FEF654C000-memory.dmp

Filesize
9.9MB

Download