discordrat | cc57bf1700457ed8d41c78f86329ae8efbdf01657f04d7aeba58030756e4a9d8 | Triage

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
12-12-2024 18:33

Sharing

Report Analysis Logs

General

Target

backdoor.exe
Size

78KB
MD5

759230af1e93e4545b6b7c8b98fc2414
SHA1

51a655e46ae1ec1ecd3a55524f6e25a52db51e98
SHA256

cc57bf1700457ed8d41c78f86329ae8efbdf01657f04d7aeba58030756e4a9d8
SHA512

fc290b4532b9dc41c2406040725a856006dd787fce637585294d08f62f62caa07a79a497168fcf52d8934294052854d1ee5edb3dfdbdef432987524413f0a754
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+AxPIC:5Zv5PDwbjNrmAE+wIC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTE2NDcwNDU1MTkxMjM0NTY1MQ.GGYFtI.Ahb_z5muyuuyyWNs_7YSBSzJf2zmlTwZirl1IQ
server_id
1180266001812689066

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2624 wrote to memory of 2636	2624	backdoor.exe	30
PID 2624 wrote to memory of 2636	2624	backdoor.exe	30
PID 2624 wrote to memory of 2636	2624	backdoor.exe	30

C:\Users\Admin\AppData\Local\Temp\backdoor.exe
"C:\Users\Admin\AppData\Local\Temp\backdoor.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2624
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2624 -s 596
  2⤵
  PID:2636

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2624-0-0x000007FEF4C83000-0x000007FEF4C84000-memory.dmp

Filesize
4KB

Download
memory/2624-1-0x000000013F980000-0x000000013F998000-memory.dmp

Filesize
96KB

Download
memory/2624-2-0x000007FEF4C80000-0x000007FEF566C000-memory.dmp

Filesize
9.9MB

Download
memory/2624-3-0x000007FEF4C80000-0x000007FEF566C000-memory.dmp

Filesize
9.9MB

Download