Overview

overview

10

Static

static

10

Optimizer.exe

windows10-2004-x64

Analysis

  • max time kernel
    111s
  • max time network
    125s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05-12-2024 16:57

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    Optimizer.exe

  • Size

    90KB

  • MD5

    f5403c35a45544ab22366678ba545300

  • SHA1

    fa97dc6335393ecb5fa5a1a4486bc046928cab3f

  • SHA256

    10bd36dfb4925ddfaee7db512b7817221de4d368e5f1a942a840daca7ee4d471

  • SHA512

    1dd35b0740be1e67d6d0ce9612d7715d7b93ab256f15fe5b246a95d428d1529e80b734aebe97885924f909628b88dedcf5734d2771e2770178e57ab40ad5e77f

  • SSDEEP

    1536:TbPjt72uOFmYskRPUAqtBTldwX0bpAkAfLgbGNrx+uexCxoKV6+fBOh:njtyuOFpskpgBTlukQgbGNrx+bSBS

Score
10/10
discordratpersistenceratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTMxNDI3MzAzODM0NjM1NDg4OQ.GerhzH.p3xm93fNXhu50VVCX6HxIEAGe1ONaL8JVAXBGw

  • server_id

    1314272379903414344

Signatures

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat
  • Discordrat family
    discordrat
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Optimizer.exe
    "C:\Users\Admin\AppData\Local\Temp\Optimizer.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3176

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3176-1-0x000001C39D900000-0x000001C39D91C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/3176-0-0x00007FFD31403000-0x00007FFD31405000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3176-2-0x000001C3B7F10000-0x000001C3B80D2000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/3176-3-0x00007FFD31400000-0x00007FFD31EC1000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-4-0x000001C3B8750000-0x000001C3B8C78000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/3176-5-0x00007FFD31403000-0x00007FFD31405000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3176-6-0x00007FFD31400000-0x00007FFD31EC1000-memory.dmp

    Filesize

    10.8MB

    Download