discordrat | 10bd36dfb4925ddfaee7db512b7817221de4d368e5f1a942a840daca7ee4d471 | Triage

Analysis

max time kernel
122s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
05-12-2024 17:03

Sharing

Report Analysis Logs

General

Target

Optimizer.exe
Size

90KB
MD5

f5403c35a45544ab22366678ba545300
SHA1

fa97dc6335393ecb5fa5a1a4486bc046928cab3f
SHA256

10bd36dfb4925ddfaee7db512b7817221de4d368e5f1a942a840daca7ee4d471
SHA512

1dd35b0740be1e67d6d0ce9612d7715d7b93ab256f15fe5b246a95d428d1529e80b734aebe97885924f909628b88dedcf5734d2771e2770178e57ab40ad5e77f
SSDEEP

1536:TbPjt72uOFmYskRPUAqtBTldwX0bpAkAfLgbGNrx+uexCxoKV6+fBOh:njtyuOFpskpgBTlukQgbGNrx+bSBS

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMxNDI3MzAzODM0NjM1NDg4OQ.GerhzH.p3xm93fNXhu50VVCX6HxIEAGe1ONaL8JVAXBGw
server_id
1314272379903414344

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1292 wrote to memory of 2488	1292	Optimizer.exe	30
PID 1292 wrote to memory of 2488	1292	Optimizer.exe	30
PID 1292 wrote to memory of 2488	1292	Optimizer.exe	30

C:\Users\Admin\AppData\Local\Temp\Optimizer.exe
"C:\Users\Admin\AppData\Local\Temp\Optimizer.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1292
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1292 -s 596
  2⤵
  PID:2488

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1292-0-0x000007FEF5DE3000-0x000007FEF5DE4000-memory.dmp

Filesize
4KB

Download
memory/1292-1-0x000000013F950000-0x000000013F96C000-memory.dmp

Filesize
112KB

Download
memory/1292-2-0x000007FEF5DE0000-0x000007FEF67CC000-memory.dmp

Filesize
9.9MB

Download
memory/1292-3-0x000007FEF5DE0000-0x000007FEF67CC000-memory.dmp

Filesize
9.9MB

Download