Overview

overview

10

Static

static

10

Client-built.exe

windows10-ltsc 2021-x64

10

Client-built.exe

windows11-21h2-x64

10

Resubmissions

01-12-2024 22:55

241201-2wf4hawlgz 10

01-12-2024 15:41

241201-s4269svncx 10

01-12-2024 15:38

241201-s23p1szkbp 10

01-12-2024 15:30

241201-sxv5dazjcl 10

Analysis

  • max time kernel
    13s
  • max time network
    19s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241023-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
  • submitted
    01-12-2024 15:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Client-built.exe

  • Size

    78KB

  • MD5

    e8ff8d278de10cc2f7255b156ae2d252

  • SHA1

    c91554ef849852360499b82579ca0c41c9dfde21

  • SHA256

    08d4d8a882d74fa4d9525a5c78351bb3eba95f1c7d78f75c2f5d606715059e90

  • SHA512

    c9eb226331c00b915c5ff5b2b407aa6f31536b671bff1cf11aa512d3cd4a60d0c9db14e5e4aee554e74259fcd755e9d835a960838d679e389943be0f20f65952

  • SSDEEP

    1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+tPIC:5Zv5PDwbjNrmAE+9IC

Score
10/10
discordratpersistenceratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTMxMjc5OTI3NDI3NDEyNzkyMg.GOuWiR.FNWWDzhiZI-BJlCUAsWOf3Q5avMNCiFtgUWBSQ

  • server_id

    1307914676973076521

Signatures

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat
  • Discordrat family
    discordrat
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Client-built.exe
    "C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4224

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4224-0-0x00007FFEC6C43000-0x00007FFEC6C45000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4224-1-0x0000013F54910000-0x0000013F54928000-memory.dmp

    Filesize

    96KB

    Download

  • memory/4224-2-0x0000013F6EF20000-0x0000013F6F0E2000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/4224-3-0x00007FFEC6C40000-0x00007FFEC7702000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4224-4-0x0000013F6F720000-0x0000013F6FC48000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/4224-5-0x00007FFEC6C43000-0x00007FFEC6C45000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4224-6-0x00007FFEC6C40000-0x00007FFEC7702000-memory.dmp

    Filesize

    10.8MB

    Download