discordrat | ccde41f0780b8216fefd33c8923e25574a8e9a979714ebf046e47bc16ae37c4a | Triage

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
11-12-2024 15:42

Sharing

Report Analysis Logs

General

Target

noahhack.exe
Size

78KB
MD5

339f82823a43955daa245da0cabce482
SHA1

d8b614603d06fa92b66816e2852dc7b75001d5d4
SHA256

ccde41f0780b8216fefd33c8923e25574a8e9a979714ebf046e47bc16ae37c4a
SHA512

88dd43c34b21278d05c1e335e5b3d5c996107172a2e28278ea902c4eba19adea4bf88729213cc730a6acf59562e140eeb4a7564285235cf52c6dd73001fdfbab
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+KPIC:5Zv5PDwbjNrmAE+WIC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMxNjQyMDUzMzQxOTYzODg1NA.GIYJkD.4evqcmLgroVtcfeGazTWhr8szfzOs-mUqK60qs
server_id
1316420793181143060

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3028 wrote to memory of 2740	3028	noahhack.exe	30
PID 3028 wrote to memory of 2740	3028	noahhack.exe	30
PID 3028 wrote to memory of 2740	3028	noahhack.exe	30

C:\Users\Admin\AppData\Local\Temp\noahhack.exe
"C:\Users\Admin\AppData\Local\Temp\noahhack.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3028
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3028 -s 596
  2⤵
  PID:2740

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3028-0-0x000007FEF4D23000-0x000007FEF4D24000-memory.dmp

Filesize
4KB

Download
memory/3028-1-0x000000013F5F0000-0x000000013F608000-memory.dmp

Filesize
96KB

Download
memory/3028-2-0x000007FEF4D20000-0x000007FEF570C000-memory.dmp

Filesize
9.9MB

Download
memory/3028-3-0x000007FEF4D20000-0x000007FEF570C000-memory.dmp

Filesize
9.9MB

Download