Analysis
-
max time kernel
94s -
max time network
135s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
23-11-2024 14:30
Behavioral task
behavioral1
Sample
Bootsrapper.exe
Resource
win7-20240903-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
Bootsrapper.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
3 signatures
150 seconds
General
-
Target
Bootsrapper.exe
-
Size
90KB
-
MD5
7eab793cd27c58b8c563d6a33a2f2a72
-
SHA1
24fc9a75389b6c115fff236ebd979264b0fd8f30
-
SHA256
6b8f247e784b698beb5f367db3e0d5f3948bf197dcbcf6d5ea16d4a08f0318fb
-
SHA512
f4d0c2f8c9fd9ba76a716b5eeab2e1db28235080a5b2822f3453567a1ec51347697edf859687393094332e2c01d5dc8667170cb4e4731b50afd79da14ee92e8e
-
SSDEEP
1536:IjvCBPyCGZ6wIopPAAqxhP51UGIfpAk0Wjgb2Nrs+uexCxoKV6+f3ky:WCBKCGZ1IoNUhP5qnRgb2Nrs+bS3ky
Score
10/10
Malware Config
Extracted
Family
discordrat
Attributes
-
discord_token
MTMwOTg4MDE2NTE2OTYzMTI1Mw.G_7Dxh.wsYSjBrol4khGDtnY_BBpyEe - H9AsmG2TfF5gs
-
server_id
1309880651683467275
Signatures
-
Discord RAT
A RAT written in C# using Discord as a C2.
-
Discordrat family
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
Bootsrapper.exedescription pid process Token: SeDebugPrivilege 1544 Bootsrapper.exe