discordrat | a766923ebb53cbff64f0603af9f07a4a5076aeff4d3416b7c817905a1a1c0a3f | Triage

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
06-12-2024 09:01

Sharing

Report Analysis Logs

General

Target

6c7dfceb22fe0ef78835f29e53ae6b3e.exe
Size

78KB
MD5

6c7dfceb22fe0ef78835f29e53ae6b3e
SHA1

c8b290b0ec67a3cadfa6766cf1e630414c1c61c1
SHA256

a766923ebb53cbff64f0603af9f07a4a5076aeff4d3416b7c817905a1a1c0a3f
SHA512

a506c076fe1b06c873aee2ebad22e953c3e0cf766736fa05f66f60031f7f7184c4d81e033f7787dfd1e007ec1feed88717a900fb76acb9fd42b8294807ef2964
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+8PIC:5Zv5PDwbjNrmAE+wIC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTE1ODQ5NzkyODQ2MjIwNTExOQ.GRJ0l6.7SpFGKSu5G_J8dWAJje9hfCtSecIS6RuVXIE_E
server_id
1153564868197236846

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 576 wrote to memory of 2340	576	6c7dfceb22fe0ef78835f29e53ae6b3e.exe	31
PID 576 wrote to memory of 2340	576	6c7dfceb22fe0ef78835f29e53ae6b3e.exe	31
PID 576 wrote to memory of 2340	576	6c7dfceb22fe0ef78835f29e53ae6b3e.exe	31

C:\Users\Admin\AppData\Local\Temp\6c7dfceb22fe0ef78835f29e53ae6b3e.exe
"C:\Users\Admin\AppData\Local\Temp\6c7dfceb22fe0ef78835f29e53ae6b3e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:576
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 576 -s 596
  2⤵
  PID:2340

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/576-0-0x000007FEF5B13000-0x000007FEF5B14000-memory.dmp

Filesize
4KB

Download
memory/576-1-0x000000013F940000-0x000000013F958000-memory.dmp

Filesize
96KB

Download
memory/576-2-0x000007FEF5B10000-0x000007FEF64FC000-memory.dmp

Filesize
9.9MB

Download
memory/576-3-0x000007FEF5B10000-0x000007FEF64FC000-memory.dmp

Filesize
9.9MB

Download