discordrat | 73a943a4f26f9812166fe0d7c1d8de28eb507a2aeff97a5c110da8479cd3e37f | Triage

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
06-12-2024 09:01

Sharing

Report Analysis Logs

General

Target

256b65a54c99a55e023149571779e054.exe
Size

78KB
MD5

256b65a54c99a55e023149571779e054
SHA1

3a5c1ad1bb94f25504efca596d95521d732d9fc9
SHA256

73a943a4f26f9812166fe0d7c1d8de28eb507a2aeff97a5c110da8479cd3e37f
SHA512

38b64b0c202d8b3fec41c9aabdc5bb94c3bef23feea0956f246c8d86ed68fb5d5e2e118d3b3d537ed882301c5e6d73c2986aeac36191226a76422c224046ec1b
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+RPIC:5Zv5PDwbjNrmAE+BIC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTAyOTM3NzcyMzcxNTU1OTQ2NA.G7rtDA.iVKPgXW9sMwRqiFimO_Rdc0nXAigNycwugkM4k
server_id
696661218521251871

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2068 wrote to memory of 1712	2068	256b65a54c99a55e023149571779e054.exe	31
PID 2068 wrote to memory of 1712	2068	256b65a54c99a55e023149571779e054.exe	31
PID 2068 wrote to memory of 1712	2068	256b65a54c99a55e023149571779e054.exe	31

C:\Users\Admin\AppData\Local\Temp\256b65a54c99a55e023149571779e054.exe
"C:\Users\Admin\AppData\Local\Temp\256b65a54c99a55e023149571779e054.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2068
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2068 -s 596
  2⤵
  PID:1712

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2068-0-0x000007FEF5B63000-0x000007FEF5B64000-memory.dmp

Filesize
4KB

Download
memory/2068-1-0x000000013FAC0000-0x000000013FAD8000-memory.dmp

Filesize
96KB

Download
memory/2068-2-0x000007FEF5B60000-0x000007FEF654C000-memory.dmp

Filesize
9.9MB

Download
memory/2068-3-0x000007FEF5B60000-0x000007FEF654C000-memory.dmp

Filesize
9.9MB

Download