discordrat | 0f070514a21f205c7d933c888e2adfd9b9a88ee974bc5df6542e2e281c2876f1 | Triage

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
12-12-2024 20:35

Sharing

Report Analysis Logs

General

Target

Loader.exe
Size

92KB
MD5

1301b9ea64d8390d9970ca0525b10154
SHA1

0c06706061f6457871f5e88aff1a12cfcc2960be
SHA256

0f070514a21f205c7d933c888e2adfd9b9a88ee974bc5df6542e2e281c2876f1
SHA512

b83033cb2195f38105cf16fa8ff6967415b68fd01b5925e71ad43e5b1b72815f164f8e9c82e52d1bb727073e61c2d3b46cd4969dd893835f5cde6883ed31cf57
SSDEEP

1536:SbPuJtGN8F+9okEPBAqcBPDyc5I0bpAkAfLgbGNrb9xCIpOMeG73:UuJkN8FwokzBBPDyc5RQgbGNrUGD

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTEyODc1NDE4NjI0MzI5NzMwMg.G7x4DL.C_NV-XSCLkwRQbJ-r5Quy0tggrU3wc8H7rWdS4
server_id
1316838123023630386

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2068 wrote to memory of 2544	2068	Loader.exe	30
PID 2068 wrote to memory of 2544	2068	Loader.exe	30
PID 2068 wrote to memory of 2544	2068	Loader.exe	30

C:\Users\Admin\AppData\Local\Temp\Loader.exe
"C:\Users\Admin\AppData\Local\Temp\Loader.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2068
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2068 -s 596
  2⤵
  PID:2544

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2068-0-0x000007FEF6443000-0x000007FEF6444000-memory.dmp

Filesize
4KB

Download
memory/2068-1-0x000000013F760000-0x000000013F77C000-memory.dmp

Filesize
112KB

Download
memory/2068-2-0x000007FEF6440000-0x000007FEF6E2C000-memory.dmp

Filesize
9.9MB

Download
memory/2068-3-0x000007FEF6440000-0x000007FEF6E2C000-memory.dmp

Filesize
9.9MB

Download