discordrat | 9c3a2642864d1680716134111aa3ce37cf1f99829a4d8301b4972230358389ec

Resubmissions

07-12-2024 15:53

04-12-2024 20:23

max time kernel
14s
max time network
16s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
07-12-2024 15:53

Target

Discord.exe
Size

51KB
MD5

85f1a70f2760fc2b1c9dd2e11d178548
SHA1

c92415eb189ebb19efa29a1be6eeea7421d2eabc
SHA256

9c3a2642864d1680716134111aa3ce37cf1f99829a4d8301b4972230358389ec
SHA512

f5a8e36d502992f733dd5473d6146bd0a1b3f17a7377b62f2f628318cccf9cec236ea6bac268d9a4377ea12cd4d984f4b59553d4c5de2481bcb710f20d5a2aef
SSDEEP

1536:eblM7Vomh/iB3O0jMOnC5zMHSd94Mu9/f7WWLEI:ebG71/a3NPCOQE7Z

Score

10^/10

Family

discordrat

Attributes

discord_token
MTI5Njg5NDEwMjY0NTkwMzQwMA.GffxcT.wWuk4gdi5T-RNzCLfFQ4XgAEMO4ZjpXcRu5E5Y
server_id
1293738586679672945

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4932	Discord.exe

C:\Users\Admin\AppData\Local\Temp\Discord.exe
"C:\Users\Admin\AppData\Local\Temp\Discord.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4932

memory/4932-0-0x00007FFE75FF3000-0x00007FFE75FF5000-memory.dmp

Filesize
8KB

Download
memory/4932-1-0x00000194941D0000-0x00000194941E2000-memory.dmp

Filesize
72KB

Download
memory/4932-2-0x0000019494580000-0x0000019494598000-memory.dmp

Filesize
96KB

Download
memory/4932-3-0x00000194AE980000-0x00000194AEB42000-memory.dmp

Filesize
1.8MB

Download
memory/4932-4-0x00007FFE75FF0000-0x00007FFE76AB2000-memory.dmp

Filesize
10.8MB

Download
memory/4932-5-0x00000194AF080000-0x00000194AF5A8000-memory.dmp

Filesize
5.2MB

Download
memory/4932-6-0x00007FFE75FF3000-0x00007FFE75FF5000-memory.dmp

Filesize
8KB

Download
memory/4932-7-0x00007FFE75FF0000-0x00007FFE76AB2000-memory.dmp

Filesize
10.8MB

Download