Analysis
-
max time kernel
13s -
max time network
15s -
platform
windows11-21h2_x64 -
resource
win11-20241007-en -
resource tags
-
submitted
02-12-2024 05:36
General
-
Target
Zen Rat.rar
-
Size
26KB
-
MD5
01d69b3911f152aaeb3a3c7004dab0f0
-
SHA1
0667b4b6739bad28c0f0a087ff3bc7ecb214c261
-
SHA256
003ce89e51fcd3bd332c4b5f574876650c78339bedbf4d661e31bea9a879b58b
-
SHA512
d5ef02998a1df53dc713614bd25a33880770fe229ba1bf4a48fe218f6a070e51552ed70998893995c36366675e8976408c9e39774d5445e2c2d8d803cdb77c34
-
SSDEEP
768:RHMVIlezOqJi/d4C/VZOThn71HNopmFtE8:COlez1JGVZOTFvoyE8
Malware Config
Extracted
discordrat
-
discord_token
MTMwMTMxODY2MjQ3NjUzMzg5MQ.GYwf8e.IcE-jp2BE7W52CbMwM4846HglLAJVayo50Npgk
-
server_id
1301319073543753799
Signatures
-
Discord RAT
A RAT written in C# using Discord as a C2.
-
Discordrat family
-
Executes dropped EXE 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
Processes
-
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Zen Rat.rar"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Users\Admin\Desktop\Builder.exe"C:\Users\Admin\Desktop\Builder.exe"1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
78KB
MD5264ac0106a61f2e12551c876b3ea1625
SHA128f1b2c1e32c37331908bfa0d946c988eae995e8
SHA256220440465457ae5b70a1b7110221d11ad306a5a3961d53632427a60e424bd095
SHA512a1e747d265b2938c439963953bd89abc7845fd0f9fd5119167e571bace8ca164f92c217189b503f966be656f3f1d48fcb750a0398879425cb93bbfa480a37b8a
-
Filesize
96KB
-
Filesize
8KB
-
Filesize
1.8MB
-
Filesize
10.8MB
-
Filesize
5.2MB