Analysis
max time kernel
94s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags
arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
submitted
04-12-2024 07:43
Behavioral task
behavioral1
Sample
339567426457a7273c58adfa2f413d07909f25632e0950ce846503b51afe4cab.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
339567426457a7273c58adfa2f413d07909f25632e0950ce846503b51afe4cab.exe
Resource
win10v2004-20241007-en
General
Target
339567426457a7273c58adfa2f413d07909f25632e0950ce846503b51afe4cab.exe
Size
78KB
MD5
753e87f5c4964def0fda955a4c843788
SHA1
c73d5c34fbeeaf2cddfa13b303a823221c580062
SHA256
339567426457a7273c58adfa2f413d07909f25632e0950ce846503b51afe4cab
SHA512
fa6c7a4d01735c422bb5ee89ba955dde6dd3e290156ceea6b7f2abd786da1741947ec6b0b9d494ff516ced757ff0a23941552f9854312c216437b0bd3a5f5a84
SSDEEP
1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+YPICB:5Zv5PDwbjNrmAE+8ICB
Malware Config
Extracted
discordrat
discord_token
MTMxMjQ0NjE5OTc3MjYxNDY3Nw.GhABBF.61anJPM9L_52V7MlH_CpTqsEUtXmZZkrQXQgfw
server_id
1141450322020139008
Signatures
Discord RAT
A RAT written in C# using Discord as a C2.
Discordrat family
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
339567426457a7273c58adfa2f413d07909f25632e0950ce846503b51afe4cab.exe
description: Token: SeDebugPrivilege
pid: 3976
Process: 339567426457a7273c58adfa2f413d07909f25632e0950ce846503b51afe4cab.exe