discordrat | 1328da8b807ebecde5bfb38454d2066381d2d8cc53b52db4fd9b3154e071a941

Analysis

max time kernel
13s
max time network
16s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
26-11-2024 03:42

Target

rat-test.exe
Size

78KB
MD5

8453260bbda54ea828503fbe242d3e4a
SHA1

0692085c394328868f1ed2c5202a5c445aa545dd
SHA256

1328da8b807ebecde5bfb38454d2066381d2d8cc53b52db4fd9b3154e071a941
SHA512

ab1f0e1760b08b0788ba02034c3b36a924918409cde7e7384f075445d7ee6fb346d4b3061cc9201a318259ed3fab250c1899187e749b20f90fae773f0f010ed8
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+XPIC:5Zv5PDwbjNrmAE+fIC

Score

10^/10

Family

discordrat

Attributes

discord_token
MTMxMDgxMTg2OTgzNzEzNTg3NA.GoYhw4.fCVdEg6FP2gBIXU2LsASNBIWMTYUSn50buSsSw
server_id
1124506689073324074

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3504	rat-test.exe

C:\Users\Admin\AppData\Local\Temp\rat-test.exe
"C:\Users\Admin\AppData\Local\Temp\rat-test.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3504

memory/3504-0-0x00007FFDF1C13000-0x00007FFDF1C15000-memory.dmp

Filesize
8KB

Download
memory/3504-1-0x00000204E5F50000-0x00000204E5F68000-memory.dmp

Filesize
96KB

Download
memory/3504-2-0x00000205001D0000-0x0000020500392000-memory.dmp

Filesize
1.8MB

Download
memory/3504-3-0x00007FFDF1C10000-0x00007FFDF26D1000-memory.dmp

Filesize
10.8MB

Download
memory/3504-4-0x0000020480BF0000-0x0000020481118000-memory.dmp

Filesize
5.2MB

Download
memory/3504-5-0x00007FFDF1C13000-0x00007FFDF1C15000-memory.dmp

Filesize
8KB

Download
memory/3504-6-0x00007FFDF1C10000-0x00007FFDF26D1000-memory.dmp

Filesize
10.8MB

Download