Analysis
max time kernel: 120s
max time network: 121s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 29-11-2024 14:29
Behavioral task: behavioral1
Sample: release/Shiroku/shiroku.exe
Resource: win7-20240903-en (windows7-x64)
3 signatures, 150 seconds
Behavioral task: behavioral2
Sample: release/Shiroku/shiroku.exe
Resource: win10v2004-20241007-en (windows10-2004-x64)
4 signatures, 150 seconds
General
Target: release/Shiroku/shiroku.exe
Size: 78KB
MD5: 20442fe34ac2570e6bbb92fe69dfbd26
SHA1: 9c092e08c02df2316e2c97d32430a6decc52df87
SHA256: 612fbb9fbd321b2d6bca79adb3260ea9841aba8310d94dd684446036316c59cb
SHA512: de33db34b3c2fe5319880e7047c94b4e4d8a9476431d7f2767bbdb06e33c662d9d157d68078f041501b89b7322a9b79e0da6cfed050fd0d27c0c875fc96200ac
SSDEEP: 1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+uJPIC:5Zv5PDwbjNrmAE+u5IC
Score: 10/10
Malware Config
Extracted
Family: discordrat
Attributes
discord_token: MTMxMTc5NzcwMTMwMTUwNjE4OQ.Gr6F4k.AzdEIVOMlv37_pXR0yfV0reV3jL_xtYZTG3gy4
server_id: 1311797279790731304
Signatures
Discord RAT: A RAT written in C# using Discord as a C2.
Discordrat family
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 1900 wrote to memory of 2120 | 1900 | shiroku.exe | 30
PID 1900 wrote to memory of 2120 | 1900 | shiroku.exe | 30
PID 1900 wrote to memory of 2120 | 1900 | shiroku.exe | 30