Overview

overview

10

Static

static

10

94620a7635...c7.exe

windows7-x64

10

94620a7635...c7.exe

windows10-2004-x64

10

Discordrat.exe

windows7-x64

10

Discordrat.exe

windows10-2004-x64

10

F4620C0AFA...F5.exe

windows7-x64

10

F4620C0AFA...F5.exe

windows10-2004-x64

10

a2bc9b467f...23.exe

windows7-x64

10

a2bc9b467f...23.exe

windows10-2004-x64

10

unturnedHack.exe

windows7-x64

10

unturnedHack.exe

windows10-2004-x64

10

Resubmissions

24-11-2024 19:42

241124-yexs5s1rgq 10

24-11-2024 09:24

241124-lc6xtatmay 10

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-11-2024 09:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Discordrat.exe

  • Size

    90KB

  • MD5

    d74728a955861daf303ff42c7f572d16

  • SHA1

    a73b4d871a4caec1700349de9b5f7dbf4ba59f7b

  • SHA256

    1f3b8599d811004b6d52d543e451555944c3c4dc2893d04a370a0874e99c82af

  • SHA512

    73c271de7061e53b91079636d99f1967ce922bf47c14539569b2f0f3a9b6628bc4cc1fd9a7d7cb1e10bdfc95c8ce49e0a0f3a815cf5810f44a5c2b35ba116e69

  • SSDEEP

    1536:ibPjt72uOFmYskRPUAqtBTldwX0bpAkAfLgbGNrk+uexCxoKV6+fEX85:EjtyuOFpskpgBTlukQgbGNrk+bSEXQ

Score
10/10
discordratpersistenceratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTMwOTg3NTA0MzA1MTg5Njk1NA.GTR-3U.C7tazMXoRaSR--tVDMbQdoDKBw2f8bLXItZIRo

  • server_id

    1309876526615101530

Signatures

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat
  • Discordrat family
    discordrat
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Discordrat.exe
    "C:\Users\Admin\AppData\Local\Temp\Discordrat.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3176

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3176-0-0x00007FFF96F53000-0x00007FFF96F55000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3176-1-0x000001F5542C0000-0x000001F5542DC000-memory.dmp

    Filesize

    112KB

    Download

  • memory/3176-2-0x000001F56E8F0000-0x000001F56EAB2000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/3176-3-0x00007FFF96F50000-0x00007FFF97A11000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-4-0x000001F56F1D0000-0x000001F56F6F8000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/3176-5-0x00007FFF96F53000-0x00007FFF96F55000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3176-6-0x00007FFF96F50000-0x00007FFF97A11000-memory.dmp

    Filesize

    10.8MB

    Download