discordrat | bb5245457e1af7776308724d3eb6981e650f716eae2929e8042c18e86bf26e2a | Triage

Analysis

max time kernel
121s
max time network
126s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
18-11-2024 19:58

Sharing

Report Analysis Logs

General

Target

dpsanalyzer.exe
Size

78KB
MD5

7a0b50dfa81471ef28bada42f9fbb32e
SHA1

4c10381b9a9603fc50046e4f74cf84482ef07958
SHA256

bb5245457e1af7776308724d3eb6981e650f716eae2929e8042c18e86bf26e2a
SHA512

c20a0dbbb642fa62a11c3f489b1762c2389f6f8611071caf89d39d2beaf150a312b9d2b3be6c67555dbf92ddf183aec8ef6fa8a6c5d71e11b02c4b25fa1b34d0
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+BPIC:5Zv5PDwbjNrmAE+RIC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMwODExMzc5ODUxNDYxMDI0Ng.GKIvuY.CyDijnBsn0UftGwjKwdobdz4Hu9LFigLmxLapE
server_id
1308114080418107413

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1664 wrote to memory of 2804	1664	dpsanalyzer.exe	30
PID 1664 wrote to memory of 2804	1664	dpsanalyzer.exe	30
PID 1664 wrote to memory of 2804	1664	dpsanalyzer.exe	30

C:\Users\Admin\AppData\Local\Temp\dpsanalyzer.exe
"C:\Users\Admin\AppData\Local\Temp\dpsanalyzer.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1664
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1664 -s 596
  2⤵
  PID:2804

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1664-0-0x000007FEF5EF3000-0x000007FEF5EF4000-memory.dmp

Filesize
4KB

Download
memory/1664-1-0x000000013FBE0000-0x000000013FBF8000-memory.dmp

Filesize
96KB

Download
memory/1664-2-0x000007FEF5EF0000-0x000007FEF68DC000-memory.dmp

Filesize
9.9MB

Download
memory/1664-3-0x000007FEF5EF0000-0x000007FEF68DC000-memory.dmp

Filesize
9.9MB

Download