discordrat | fe6765057d6450e40490f94064a5fc0b074c62d2f6080fc1b3d8e9747c6214e8

Analysis

max time kernel
97s
max time network
103s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
01-12-2024 08:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Client-built.exe
Size

78KB
MD5

cd92dc0ece8c10cd8ba6a5590ecb8408
SHA1

dbbea74031adf85e0356772e2c58d3152e9bd357
SHA256

7cce0dc8fe5f2449e4d4357f3bfb759e3ea454735e2e413d03c84526c8002c40
SHA512

a94f2a1030f8eb282a504312e9623c23f00d4d649a3e1568bfedc276da307a542888945f2ad3494150cbe29e0be95361b0f90ec461a71eccace26a233ba5778d
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+NPIC:5Zv5PDwbjNrmAE+dIC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMxMDIyNTc5MzIzNzkwOTUyNA.GO7zwM.BLjqjzDn0kcO7VsPUa5W6XeYU7X3NlqlEDHvk8
server_id
1160151795734163526

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

Processes:

flow	ioc
11	discord.com
12	discord.com
19	discord.com

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

Client-built.exe

description	pid	Process
Token: SeDebugPrivilege	3064	Client-built.exe

C:\Users\Admin\AppData\Local\Temp\Client-built.exe
"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Desktop\BlockStop.docx

Filesize
14KB

MD5
0870dc67ba1f079f44d7decb54e4c699

SHA1
e62f03de056627342171b942f403703f90e2ec63

SHA256
b772e4b3e7b71e3d31f3c0c6400e0046a78015fca72e3e3211e1b2627fa9a988

SHA512
fa11942a88469d339b0f72a4057ae217b3bfe6756bc5d5892321cb9865243d136567acfe523c625079875fba7083ae29ad2fd81201c6b652b698b186974a2cdb

Download Submit
C:\Users\Admin\Desktop\CompareExit.m3u

Filesize
297KB

MD5
530379e5ef44f57fcdb65fd25ad1493a

SHA1
3c256753d13c5bd41f89ee011718684c363a9ce3

SHA256
c533d1802ee369879ad65275039389d21da42ce375ead6f425d79558c8db63bf

SHA512
da3e1bf7f42d83fced05e5cdac57fd0a0e705e5dc89c18c5853821e04497002e9b95b84b34054468a609ecb7114464fcd8a419b55dd83d98bfc6363d1d96af8e

Download Submit
C:\Users\Admin\Desktop\CompareInitialize.xht

Filesize
267KB

MD5
f73594d93583b8895361564286f528fe

SHA1
4aaeec6611eb5be777f8f133d3b0d0a08b437f45

SHA256
49e27cc0942ec5b9a4e52dd7524155a64a427b987b5fdd1a949e75ad798d479a

SHA512
73adaa1bdbe3d933a9b8fbb385eb4c2ebb9f4957b1c337a9a5ab76889ceee0d548e1c38a39ace969e9d8ff0af6db3594fe2639ebc8f38d63bee6b445628e220c

Download Submit
C:\Users\Admin\Desktop\CompleteRegister.asf

Filesize
219KB

MD5
4cc4af4a21a6882babc725bb249eaeb9

SHA1
062e06cd38329efd7aafb5ad4befe3b7ea15ef1b

SHA256
df9b3b04c792b795cfac92ac7e8bc150f3696ce123fab3824643dd48cb74eef7

SHA512
6688808fbe76105a7b8a4f3bf2b3e248d9e331fa5370510f7271db47a7975069821991262e6a8a703e8876451ed450996dd3a7bd90db37d3577c74c03e7859fa

Download Submit
C:\Users\Admin\Desktop\ConfirmDismount.docx

Filesize
15KB

MD5
ac44f9bf45ad8f728a243fcad42a021e

SHA1
eb41ad0d70ef30c0bddcf19699958585e991267a

SHA256
e15f7af411ad7725e5f17f78ca74a470a17f5946433dbdc7e7548c84bb0f0526

SHA512
ec694c42de594f2733a9d05fc1fe13567377eae10637853976148c16101e52d6788e831a3fd9fef6d3f1a5221f90445e1d81cac47873d93ce4eb48e83c108e16

Download Submit
C:\Users\Admin\Desktop\DisableDisconnect.potm

Filesize
345KB

MD5
704ea90f967eb2b16385059ccf59b443

SHA1
8b46b0d897a7a61974d60d66eaa523e47712e81f

SHA256
8663c0bba01c87c3a101a577b8be8b0200bce2f1cc9ce71f8d47c95457c6d1d4

SHA512
df0df3754e61ab8872e666d0b345dcc2e05fb71a9c845f0873d2d62c964d95c1bbedc917f9235991ce723de848a20d9105140a936644712dcafcb21836bcd016

Download Submit
C:\Users\Admin\Desktop\EnableUnlock.iso

Filesize
375KB

MD5
f7a337eb2150fc54c386bd3a26b7a3e9

SHA1
6c704db8b4b824f5fb0db5472c1b0e9fcc8d9b6a

SHA256
3df0311c8a2efe227417269e5c8827cb91db9032accba0328c32eccb72ad9d10

SHA512
d1df8ae7f89a06abc4c87acadb1b0222dcf1e94762c0a0055c53da4a1a2f9d50718c23122a6c6e936355f5216f6c0d23cd5b0c2d7c73c351b4d91408bfd1c11f

Download Submit
C:\Users\Admin\Desktop\EnterAdd.ppt

Filesize
336KB

MD5
12a108b59f73ae7037967f816202cf5e

SHA1
a99c7c7ffa6a7a47ccac869965d74f1974e05e40

SHA256
74153c1e0c96e4fbe116787f5d4e729dcf24bc24c086a738119d43e113017761

SHA512
5ab36a4d646b633f286dd791ae6dca8f13cfdf666b2ad720df10af837ede036738bb6abe0758f4042c91f5a508a0d85eb8e8d3fbeed42ffd2562e9586dee1d6e

Download Submit
C:\Users\Admin\Desktop\GroupOpen.cab

Filesize
316KB

MD5
93bb4ae71daa113d0d6fce5a2a06c9f8

SHA1
966f9c70f3afdf2f20e26963d9b74261fab07d92

SHA256
6a9f60dc63cb4c9ca405af0a4e91c15457d8a3f86200b54cceb70d66b0e5a340

SHA512
7a3e52171a10d0aad33d3d0f2eff032bda57dbf960ed1ae9f7c8a41bb91e75c1cc39c482aa89a8052dd9118e06b3f7575b9208911b227c68721453932876c002

Download Submit
C:\Users\Admin\Desktop\ImportTrace.vssx

Filesize
199KB

MD5
988a87e3112307422b89389e1699b3e5

SHA1
6868b31d48b83f2a6a9d65032d8ad9fbb92a3d8a

SHA256
6b68a5ff24282733c0e2c8aee1d8c910bd01b2ee1c35115b4bca0788a4c0b6df

SHA512
2a43876c13bac6d25d489bc36a4ac572a084496241abfc60e5aab1667aef48f2d72111f8ce31ce68fba65d7bfb58ae3c3c7d9b8a80fe96bf8099fbb08213e89d

Download Submit
C:\Users\Admin\Desktop\InstallSet.xlsx

Filesize
10KB

MD5
bf8ca82d316fe7f84b41269b044cca62

SHA1
0572425718abcc08c71264850e27a213bb13afac

SHA256
912791dd629ba9ec1bc1f961ff0d17a7ca91bd52ead86b093991afa18c34b832

SHA512
8021f77fa96cc00abf77df02a6c3f035384aefebf10fc9465f1a12c08e8101e47b7ba0f805bd7a43378b8ad90716b5a4e793174637f8db524b4bb616ee494f3f

Download Submit
C:\Users\Admin\Desktop\LockExport.xltm

Filesize
160KB

MD5
98e391b70cb817b69fe8b3c9af668d82

SHA1
db818cf4f81b1ac5acf31711a8c6e64851b17930

SHA256
81db93fdfbb7d464b24f6d1727077dd43baa4896a07a766344a10c7374b52fb6

SHA512
c8fd1b563ce6776a8caa6c5dbafb0f80802e68cacd4ee1fc08d02ac981c1d370167aa0d87fdb86d9cb737809be25fdb9362acba835f1d2c1d596038e75319839

Download Submit
C:\Users\Admin\Desktop\NewInitialize.js

Filesize
180KB

MD5
f4768357831f9bf218584c01b7bf3bf4

SHA1
ab53ad87ac7404df0cbb2d4e3ae38be72a2b7614

SHA256
69ef4f9463242520b94c3b5feb5c90fb67beb6ba4be9f096333331a9622f7a07

SHA512
dc3ab32241751b04896d4cfcf941c05ac097cd3c98a7515bdba1bfbd7eed4ba7320dd9241cba27058b1cc6fbb155a5dd6f0db7af0ddbd0d3245a38868a528448

Download Submit
C:\Users\Admin\Desktop\OptimizeTest.wmf

Filesize
365KB

MD5
9983cc1105b08f2648ee35244a6db033

SHA1
871bd3a97a3eba5e15c9ad6142734d538f995a37

SHA256
eec6f2928dc3b667a6ce85ddaa78d3274864666ed1023f8f6397c4c8778fa0d1

SHA512
5833deeccdabbd9693fbfcb6982277e70ae49715323583fb998c4f14296f4aeeea4604049b81e2c6a426fab50529979356ddebf6de040d648504a4e6180d4cef

Download Submit
C:\Users\Admin\Desktop\PublishNew.vssx

Filesize
554KB

MD5
3eb20a68f99c04b2577f01b0adc81b26

SHA1
bcefbd0d026e264999d236f689aa266c6703ec39

SHA256
ce14ed1c552e5e54eb4c8d537507705df02224a37ac42bca62b5af15d57e2368

SHA512
1cf152cac03ff600831957d4d4a2084edf0713ae085471b4d79de551c7ed98aef3026d67236e3025cb357c3817986211d70ee7ef36be21909405b069a8b593f3

Download Submit
C:\Users\Admin\Desktop\PushInitialize.doc

Filesize
170KB

MD5
e80235fa846dfd4c1a222774bb4b6805

SHA1
22537291deea95822846de1b4c60b54a65a1534b

SHA256
271643a0112f1ad14844f861566ee3b91fb3da19878d5fd705450022d90ee44b

SHA512
b85093ad44653453c716ac6cfae9236a920daedd7ffeb47dea6ea50e732ebd3d58dc2b94d2aef50bbaf13807af62cbce696f2212f33c8dfd8dbe4419781ed8dd

Download Submit
C:\Users\Admin\Desktop\PushSwitch.jpe

Filesize
248KB

MD5
15aca360042b9adfc0f011c17978570c

SHA1
93919b6f2016f66e5b6f7d0d9a006a0a60e73b8b

SHA256
d17131befbd8eaa2a4034e7452c40cc332f777bd95210cc44cdb06a609fbcd9c

SHA512
e7cacbdd8c85043a3eff79882efc5c25b42df73bc3efacfb3a55e1e1fc0fb2a1dea3f874d09d9a428f794deafd59753461e13fe5ee66004dbb5280558ac2960e

Download Submit
C:\Users\Admin\Desktop\PushTrace.emf

Filesize
150KB

MD5
a911fb48f221aa49c9e0051594eb6f98

SHA1
bd2c4a3f5f78a74a9c0fc320ba70b488a010f1bc

SHA256
94a9513e567de52f0f65541e8575d27ae729b122708dd6a6a03dd6f30d25aa10

SHA512
79f443cc99391a9be1c69f7f4dec9be5e85c21307e8df45d92d22e7af2e24f1d8bf9ae327d03851c7c0da7dd9704b0c4e30247c1943c3af18c0970ac37f6f677

Download Submit
C:\Users\Admin\Desktop\RedoUninstall.ram

Filesize
384KB

MD5
8a890368db116963e3e4a13375509f53

SHA1
17ac6130547618e0644c922d550f071458c985a5

SHA256
ee988f6084b84fa07b9dcea37a7f91b0d199ad551ed1b7aabc4c0744ee27cab4

SHA512
e583aa9d3767683c0434e8976e8acbd4fe7e38740e1e822ae9fbaa099a81e453c3192ffd51ff33572ac52e2a12ce343e56a8423e826be0df6f8438728fcd207d

Download Submit
C:\Users\Admin\Desktop\RemoveRead.odt

Filesize
238KB

MD5
6a1ec63d46497abf74579cb80c3c4598

SHA1
3dbcf38d17da060cdca359175585868eaccf5cc5

SHA256
c9df31dbb44a7d1a40f09c1254feee7b49c2a7b488069bc11ae25abf23e8f64d

SHA512
eb82bc7311a0924e87df2f80999a231fe6bd369f53188e9451f6b37e675bbf38b2198af3d505a18383b756aa5dd0848894dda564286ee24cebc7af45679d3b11

Download Submit
C:\Users\Admin\Desktop\RestartWait.dll

Filesize
209KB

MD5
7eae492302e3529321d7dac5e5065c2b

SHA1
16991086a1b58313343131a32beda55a0437121d

SHA256
685c0589b9d9f3f6e8cdb9bf6e4e69186094859d0e884cf3657c4b0cf8e4e9f7

SHA512
91e61efe5a93c097b6e8fa598f8d197ea1d51765e4bf950d9636a29b813343b5ff70b52e7e2f04665cbddf5f7b25248c63bf11605548cc4dc40e7a985495a2cc

Download Submit
C:\Users\Admin\Desktop\RestartWatch.xlsx

Filesize
11KB

MD5
e95c32f64b4c842721d718fa25f42718

SHA1
e164e9a941354ccdec16fbc858666275a0ad1093

SHA256
0c0badcc4b08511fae8d3d5d05dc535d40d481cfa6c802cbc4b9b79ec77aba39

SHA512
2d35a9082ecb7a58dab264cf9b5cbf262b2b578a3c2b80416722ecb216c3e9343b043c8168fd801e1e3292e9d70860bcfea6628bb1deaae689a405090ebc3853

Download Submit
C:\Users\Admin\Desktop\RestoreRedo.docx

Filesize
19KB

MD5
f3c876ba598ed5849201ad434a16d995

SHA1
2aba5e661b14e78392627f8291f34060faf7c4f4

SHA256
631a34799c0510c9eae63563d7e46c04922c2a2fe1842a2a6e477a9340ebae1a

SHA512
85e7873eb597c0fc3fdab78834c0feb9d15767fc4352212a243490b33e7750556ffe922779e464a3fe31ff9100f73aaffe6d51897c83ad8f4d1b648ff7f8f2aa

Download Submit
C:\Users\Admin\Desktop\RevokeUninstall.asf

Filesize
355KB

MD5
d02063ce45ec4ef9bfe30eadf8929d42

SHA1
d152b6fdd52fa71fa37c855d8c0b6b6c9e82e3cd

SHA256
c9e2a8977bdd840616d73c3325b33616b8a7124e5ac6812d02e10cd163ddcb10

SHA512
139e92ef444aca42b8f62268e6bfdfae2c0e3f52c2ea0bbf0cd8a8e185df36b2f27d11574182630011cfffb3df7550a916ef9db8121d478a4dbb3016d68c4a3b

Download Submit
C:\Users\Admin\Desktop\SelectLimit.reg

Filesize
141KB

MD5
4c03e6861adcdb2597e0a4e83ecd6e75

SHA1
67ac9591a23aa91f468c6a33b709e5fdb83924f6

SHA256
9173ed46509e2f4de3910f10c7f177a16184eb0e5e1cdae823570a456921736b

SHA512
1e5fb1d8d37377ac1c8bed0e7bf60dd6f9ca77e06531e2993badfc206e57f8686b84de53ddf9f30e63a9cd77fe657510c6a78acd1fa05b0276421e7cd6e22218

Download Submit
C:\Users\Admin\Desktop\ShowCompress.ppsx

Filesize
228KB

MD5
c4e950fffc5dae61d47a835c6b1985d3

SHA1
b23bdca5515b7653c0283cb1feec66a2a11d8eff

SHA256
2f2872818999c1b401d94b6b263b4814c9fcc4f51ab80cd246c579ec7207a473

SHA512
012f5d5421a993a8782761fc7a0472c5e587d307426daec632e0aa72c0a6bb8138dbac16c2d8a26d6ba3cf87d7ecb1c3b337bc44dea9aec85be9b87fd059b43a

Download Submit
C:\Users\Admin\Desktop\StepInvoke.cab

Filesize
404KB

MD5
7e4e81ae3e2a84efffe26080e69fbb35

SHA1
e2dfe818b080cd4c953d37aa8f57dd06504c6b96

SHA256
4f9ac176238df068006fa80c3f1a914ae4d6977d67beea3b1c20548e2ca32cfa

SHA512
d49f017b575a97c86fd26f86877206bda19f599aa365547196d30b2e738533cfcda1b6b53b604bc21ff312b7119224b16ea88e77c7db84a1e863159af204961c

Download Submit
C:\Users\Admin\Desktop\StepUnlock.mp4v

Filesize
287KB

MD5
85bc3e28bec5c974afaa77aac526c44b

SHA1
58fcd7b732b087ddad381360a781f960d40ec546

SHA256
08144b6b3d40d62fca1a1f8305497a4e03fa98ba3077d0ee7d64e59f01d76cd9

SHA512
7120fdf6530306816cf4ef40096d93c27d32cf33fe431bbc93cc1929f2e5a197a2bbaf07fbfba160673497cbe28576be0e72bad2eb76b5e07039f5f0edffd95e

Download Submit
C:\Users\Admin\Desktop\SyncOut.nfo

Filesize
277KB

MD5
8d0b07d091317783705e58653629b10a

SHA1
66a5ad940f8dd9a7b20b399163a95e83abf69795

SHA256
6cb4e1483d14fea901de84735611fc6c8fa68391557fdfdb0354657b3cad3c0a

SHA512
5a3ebb70268686e04bdd0b18a4fc55cdb6770fccd0691feec92eec3bec88e962d7d2602e185720f0642e4171e04a5284f23b84a1c355960ba4d2524fdbf3bab9

Download Submit
C:\Users\Admin\Desktop\UninstallClose.inf

Filesize
258KB

MD5
8a8695eff3827db6a8b77b17785f4e5b

SHA1
9e89fef334c4235b7b730938fdde75ebe34e1b8b

SHA256
ccb85fbea592518f2ffa3510b3802c51327632774d6a379767a02871cc4cf6b4

SHA512
0ac5e8d929ec2de3f45e72b9630f5fdb0c8e7b6b3b04826f219dcbd4e36f8381f3130c091cc88ae7ccbf390b7694e159be5d8dddabdbb5abf6330a8825e92b73

Download Submit
C:\Users\Admin\Desktop\UnlockBackup.bmp

Filesize
306KB

MD5
50a8dbb06fde10784abde0a801c9f3b9

SHA1
940220a9279a950441265a662551aa0bed7de6cf

SHA256
ec7540c01e0e7bb8f1d50402dde22225b8e01c07503eca3affa8c2cc9806b9d1

SHA512
dba1f3dfe4a50369dbfb93919dfb9f880dd7e62037c7e51878372070fa362e57314d1f3037b23bf9286c9a846734bb8adb35e5ddd4c225e2a9f6a51b43da664f

Download Submit
C:\Users\Admin\Desktop\UnlockInitialize.asx

Filesize
394KB

MD5
2abe45057b0fe27589f3f82b441c6f43

SHA1
89367386372d0a6e7e13a98618abac1654d75c5c

SHA256
6e8b030e01e0869eabd323b365eabb27dc4040a5dd31e20169b1f3fea83e1233

SHA512
2a2fd2ed1217ca457cedfc9da352c86890ccc9919fbf5f1366707c3cdb7b4e7d8432b2fef5d9e9fcf0517105f08f6f63ec507cf0c4484a7cc448a58968466946

Download Submit
C:\Users\Admin\Desktop\UnlockPing.odt

Filesize
189KB

MD5
cae12d9a93e0ae7bb9be6711e2d33988

SHA1
d94276265ea3865c59a3fc2e226a655da10ab3c3

SHA256
6060a085daf18bce42e00590b6e554b41f7049df76672f853a919333b8c005b4

SHA512
028a3880c6aa76c8f452eb2dc81b8c9f76cdf9b603fd448c9d360e7882f355bb3f1fa5496aa8eeabef107a6433b4901172532c29e87e62ec81f4352bf8a7147e

Download Submit
C:\Users\Admin\Desktop\WriteUnlock.eps

Filesize
326KB

MD5
8d1bb1fb979a19732fda5ff51bc79a67

SHA1
08da47c94aed6b48d7e2295ae58ca71bb3b90816

SHA256
01051712191bf160202458ac32cb945c6de871aa2cff4069ca42b60dba7879bd

SHA512
c6e4c26233da852a8032da0c5600beb7e41cc7e586fea18fca328b46d8bebbdd02b57b0313f41517d29453c542278175ba668ee997a78104598a33bf6c51de5a

Download Submit
C:\Users\Public\Desktop\Firefox.lnk

Filesize
1000B

MD5
ca7d7a322a8623c0b1ebf7aea40c73bc

SHA1
258faa924b9d8ab7496888a0d755b778258930e9

SHA256
c62e0c0d7acd363f5477963f4ddafdf3156723ec3806b7883b6f1fc3f20941d5

SHA512
ba7e4145840bd45a7e074fbbee44a283ac5b49157fabe8f1eca7fb077b7e9d5ed8375cdfe9a66fd5761c267c6ae82b8d2f0535ac5b3c79e22b0b74bcf07e410e

Download Submit
C:\Users\Public\Desktop\Google Chrome.lnk

Filesize
2KB

MD5
a3b11a568ad9943b80eb6229c1b32cd3

SHA1
c68234b806ca5c4ce1b145a6e6a7efcfe76edcca

SHA256
9f058ee00e262e4718cba1637f42e4a58f092f7749fdb8973edd060ce415584f

SHA512
5919624eef220d99fe062042e5c158eb9f54bad0c10a2a4badc0f2eb07d1e6ca72ff38ff0f65cd168fd42b159c192c4b8ae1817c3981fb8099880e02cb221c93

Download Submit
C:\Users\Public\Desktop\VLC media player.lnk

Filesize
923B

MD5
e8b0e66fd86e6ce5295c2990e8efe6cc

SHA1
cc257e50ef50e14692445b7613d2b8030b56a407

SHA256
daf7886bd86f3b16004d68c0c77d40c0e9b57108e582953e08ae25d5b0eccf39

SHA512
64d0c16b1cdc0f12d521e73abeb98e9ce3325eba45c34e96ee946cd7bcd461de8d72901ddffa53e87fdbd2e8b54732655cac0e23f2fb38668d4c4b84c1788887

Download Submit
memory/3064-5-0x00007FF8E6F40000-0x00007FF8E7A02000-memory.dmp

Filesize
10.8MB

Download
memory/3064-4-0x0000017EC8880000-0x0000017EC8DA8000-memory.dmp

Filesize
5.2MB

Download
memory/3064-3-0x00007FF8E6F40000-0x00007FF8E7A02000-memory.dmp

Filesize
10.8MB

Download
memory/3064-2-0x0000017EC8080000-0x0000017EC8242000-memory.dmp

Filesize
1.8MB

Download
memory/3064-1-0x00007FF8E6F43000-0x00007FF8E6F45000-memory.dmp

Filesize
8KB

Download
memory/3064-0-0x0000017EADA10000-0x0000017EADA28000-memory.dmp

Filesize
96KB

Download