discordrat | d2ca967b6093ef03d38960444b4a9d9e30f332bc7ed86920096ea2310f32392e

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
29-11-2024 16:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NitroGenV3.exe
Size

78KB
MD5

508bbb8bf4efac317cfd1d9532bdebfe
SHA1

a145b6ab1d5543097ca09c7b936d532f718bc087
SHA256

1fd008d0c903210ebb97f0c7d15a2b03bbe28e5fc3ac296e5482f6926e3ee17e
SHA512

7e3dd45677be1df9c8c8a6e65e75454a9798eddaf8a6eb2db8207fe4f6e99378a7e87e5d8ee23dae403854aa19c0122ed97668567909cd60db6f6d1f376036f4
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+hPIC:5Zv5PDwbjNrmAE+xIC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTE5Njg1MDA0NzU2NDkxNDcxOA.GrJUg1.lgWsOKN3lnatoZgt8R8bNns8frpVGolFi2OtF8
server_id
1196851278773485601

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
31	discord.com
10	discord.com
12	discord.com
18	discord.com
30	discord.com

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4660	NitroGenV3.exe

C:\Users\Admin\AppData\Local\Temp\NitroGenV3.exe
"C:\Users\Admin\AppData\Local\Temp\NitroGenV3.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4660-0-0x00007FFCC03A3000-0x00007FFCC03A5000-memory.dmp

Filesize
8KB

Download
memory/4660-1-0x00000242AD730000-0x00000242AD748000-memory.dmp

Filesize
96KB

Download
memory/4660-2-0x00000242C7E90000-0x00000242C8052000-memory.dmp

Filesize
1.8MB

Download
memory/4660-3-0x00007FFCC03A0000-0x00007FFCC0E61000-memory.dmp

Filesize
10.8MB

Download
memory/4660-4-0x00000242C8690000-0x00000242C8BB8000-memory.dmp

Filesize
5.2MB

Download
memory/4660-5-0x00007FFCC03A3000-0x00007FFCC03A5000-memory.dmp

Filesize
8KB

Download
memory/4660-6-0x00007FFCC03A0000-0x00007FFCC0E61000-memory.dmp

Filesize
10.8MB

Download