discordrat | 9ca545ac2728ff10ef06d7eba42ffd1f5b27355c492f131668de82336b589232 | Triage

Analysis

max time kernel
16s
max time network
17s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
04-12-2024 21:04

Sharing

Report Analysis Logs

General

Target

logger v1.exe
Size

78KB
MD5

f1ffc2fa8a465e4bd24cd05021ba298b
SHA1

c9bda65eb3d94b56838aea98745a33f412a435ad
SHA256

9ca545ac2728ff10ef06d7eba42ffd1f5b27355c492f131668de82336b589232
SHA512

21f9da50cd6e7e3c2930903b8fba997583620b46c01a478b7033b6578b95f50dac6915c14982de4e5c6f4e0b796cc9f70c8df7bd3c31102e1fadeac321df2f69
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+FPIC:5Zv5PDwbjNrmAE+VIC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMxMzkxNTc4NjI0NjQ4ODA3NQ.G1jyFT.icV6dfHPP-379qiHUUR3NgR8bT8s4Qw4Hgv5zE
server_id
1313915888793157672

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1648 wrote to memory of 2912	1648	logger v1.exe	28
PID 1648 wrote to memory of 2912	1648	logger v1.exe	28
PID 1648 wrote to memory of 2912	1648	logger v1.exe	28

C:\Users\Admin\AppData\Local\Temp\logger v1.exe
"C:\Users\Admin\AppData\Local\Temp\logger v1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1648
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1648 -s 600
  2⤵
  PID:2912

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1648-0-0x000007FEF5DA3000-0x000007FEF5DA4000-memory.dmp

Filesize
4KB

Download
memory/1648-1-0x000000013F3C0000-0x000000013F3D8000-memory.dmp

Filesize
96KB

Download
memory/1648-2-0x000007FEF5DA0000-0x000007FEF678C000-memory.dmp

Filesize
9.9MB

Download
memory/1648-3-0x000007FEF5DA0000-0x000007FEF678C000-memory.dmp

Filesize
9.9MB

Download