discordrat | 10bd36dfb4925ddfaee7db512b7817221de4d368e5f1a942a840daca7ee4d471

Analysis

max time kernel
92s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
05-12-2024 17:03

Target

Optimizer.exe
Size

90KB
MD5

f5403c35a45544ab22366678ba545300
SHA1

fa97dc6335393ecb5fa5a1a4486bc046928cab3f
SHA256

10bd36dfb4925ddfaee7db512b7817221de4d368e5f1a942a840daca7ee4d471
SHA512

1dd35b0740be1e67d6d0ce9612d7715d7b93ab256f15fe5b246a95d428d1529e80b734aebe97885924f909628b88dedcf5734d2771e2770178e57ab40ad5e77f
SSDEEP

1536:TbPjt72uOFmYskRPUAqtBTldwX0bpAkAfLgbGNrx+uexCxoKV6+fBOh:njtyuOFpskpgBTlukQgbGNrx+bSBS

Score

10^/10

Family

discordrat

Attributes

discord_token
MTMxNDI3MzAzODM0NjM1NDg4OQ.GerhzH.p3xm93fNXhu50VVCX6HxIEAGe1ONaL8JVAXBGw
server_id
1314272379903414344

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1972	Optimizer.exe

C:\Users\Admin\AppData\Local\Temp\Optimizer.exe
"C:\Users\Admin\AppData\Local\Temp\Optimizer.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1972

memory/1972-0-0x00007FF91EC93000-0x00007FF91EC95000-memory.dmp

Filesize
8KB

Download
memory/1972-1-0x000001DCFF0B0000-0x000001DCFF0CC000-memory.dmp

Filesize
112KB

Download
memory/1972-2-0x000001DCFF7B0000-0x000001DCFF972000-memory.dmp

Filesize
1.8MB

Download
memory/1972-3-0x00007FF91EC90000-0x00007FF91F751000-memory.dmp

Filesize
10.8MB

Download
memory/1972-4-0x000001DC9A8A0000-0x000001DC9ADC8000-memory.dmp

Filesize
5.2MB

Download
memory/1972-5-0x00007FF91EC93000-0x00007FF91EC95000-memory.dmp

Filesize
8KB

Download
memory/1972-6-0x00007FF91EC90000-0x00007FF91F751000-memory.dmp

Filesize
10.8MB

Download