discordrat | b3bf1cabe7e98e7120e69d3d5c63cea55dd9345aa9facae7a97a84134eaf1984 | Triage

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
06-12-2024 09:01

Sharing

Report Analysis Logs

General

Target

047501531983682c470ca7560077477a.exe
Size

78KB
MD5

047501531983682c470ca7560077477a
SHA1

99d90e9b66320b9c08e9633607f15743f7d4af7c
SHA256

b3bf1cabe7e98e7120e69d3d5c63cea55dd9345aa9facae7a97a84134eaf1984
SHA512

47e76b0d14c5d2f601b087413bfa9ba6a00ea11a9ec6666e4787c926b0a2df92da313ed4fe6736913d623de21683ea876006eb43d75a10cd5902be6a2b662bab
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+JPIC:5Zv5PDwbjNrmAE+5IC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMxMjYwNjY0NDYwOTM1NTg2Nw.GmiBbD.BxOkmi6_jSm3KiEBfaoI7z9GP_TE4zxloC3fjo
server_id
1312606556201681018

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2648 wrote to memory of 2912	2648	047501531983682c470ca7560077477a.exe	30
PID 2648 wrote to memory of 2912	2648	047501531983682c470ca7560077477a.exe	30
PID 2648 wrote to memory of 2912	2648	047501531983682c470ca7560077477a.exe	30

C:\Users\Admin\AppData\Local\Temp\047501531983682c470ca7560077477a.exe
"C:\Users\Admin\AppData\Local\Temp\047501531983682c470ca7560077477a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2648
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2648 -s 596
  2⤵
  PID:2912

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2648-0-0x000007FEF57C3000-0x000007FEF57C4000-memory.dmp

Filesize
4KB

Download
memory/2648-1-0x000000013F950000-0x000000013F968000-memory.dmp

Filesize
96KB

Download
memory/2648-2-0x000007FEF57C0000-0x000007FEF61AC000-memory.dmp

Filesize
9.9MB

Download
memory/2648-3-0x000007FEF57C0000-0x000007FEF61AC000-memory.dmp

Filesize
9.9MB

Download