discordrat | 13cc2f2806d65c35f10a500e8e109c48c1b4ab12642ebdd5c0b3ae85c28fed53

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
07-12-2024 20:00

Target

FortniteExternalBase/vdm/libary.hpp.exe
Size

78KB
MD5

b59a3035631d7d9740f6bbeee9f9af7a
SHA1

63dd307c35e27216f00a5f915fc06c74b3124dd6
SHA256

98ac7772969edb1cec6110cf07ecbd151f008d62373b6fe8b9099a0ad68bf2eb
SHA512

8ac564658284976f614863b8a17faec37cdf014a9188bccdbe3e2e1ad806b7941c107269febad650c41bcfb31e75a8d324ebde7be449858f87841324aa050916
SSDEEP

1536:lIWOBaZ84c6gEz5De2FzNDnghTAsKFbOZGdndxRKDIZ8o1l8ApbDNr1+uexCxoKG:lIWOBaZ84c6gEz5De2FzNDnghTdWd7Kv

Score

10^/10

Family

discordrat

Attributes

discord_token
MTMxMzk0OTc0NTY1NTQ0NzY0Mw.GvqYM1.8ZwhOILcM3Ijsfbzqc8F-Cy7wfV5wKSv-BMD0I
server_id
1313949691574226985

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2760 wrote to memory of 3028	2760	libary.hpp.exe	30
PID 2760 wrote to memory of 3028	2760	libary.hpp.exe	30
PID 2760 wrote to memory of 3028	2760	libary.hpp.exe	30

C:\Users\Admin\AppData\Local\Temp\FortniteExternalBase\vdm\libary.hpp.exe
"C:\Users\Admin\AppData\Local\Temp\FortniteExternalBase\vdm\libary.hpp.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2760
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2760 -s 596
  2⤵
  PID:3028

memory/2760-0-0x000007FEF6783000-0x000007FEF6784000-memory.dmp

Filesize
4KB

Download
memory/2760-1-0x000000013FF70000-0x000000013FF88000-memory.dmp

Filesize
96KB

Download
memory/2760-2-0x000007FEF6780000-0x000007FEF716C000-memory.dmp

Filesize
9.9MB

Download
memory/2760-3-0x000007FEF6780000-0x000007FEF716C000-memory.dmp

Filesize
9.9MB

Download