Analysis
-
max time kernel
94s -
max time network
138s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system -
submitted
11-12-2024 09:37
Behavioral task
behavioral1
Sample
Megami Bootstrapper/Megami Tensai/Bootstrapper.exe
Resource
win7-20241023-en
Behavioral task
behavioral2
Sample
Megami Bootstrapper/Megami Tensai/Bootstrapper.exe
Resource
win10v2004-20241007-en
General
-
Target
Megami Bootstrapper/Megami Tensai/Bootstrapper.exe
-
Size
78KB
-
MD5
ffd62c8367d0e9a94754d30b539375ba
-
SHA1
277ffd73105ff10e76925bde564847fe00417dbe
-
SHA256
fc4f75bd9d94a5079beada7947d2993ba793d9adb0499300362d4974641e160c
-
SHA512
122943f96bb9ef431eba70c6c5e7ea83234256021fc8f69a6e4d48bd1e8ab1f21d5bb0892d15d00139e87a95d9866429c8df59a6b87127f84039789ffa3702b5
-
SSDEEP
1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+VPIC:5Zv5PDwbjNrmAE+FIC
Malware Config
Extracted
discordrat
-
discord_token
MTMxNjMwNDYxNDMzMjgyNTYxMA.GfkKyi.futKLbxb-b4NGCE9C3S0QF42BNSIJ4UKJomCTY
-
server_id
1316299088035315712
Signatures
-
Discord RAT
A RAT written in C# using Discord as a C2.
-
Discordrat family
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs
flow    ioc
7       discord.com
8       discord.com
18      discord.com
29      discord.com
30      discord.com
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
description                 pid     Process
Token: SeDebugPrivilege     1604    Bootstrapper.exe